Hi, I am using Tomcat5.5. The default maximum session(authenticated session) inactive interval is 30 minutes. Can you please tell, how to reduce inactive interval time for authenticated sessions? Thankyou.
There's also a way of setting the default in Tomcat -- it's a property setting somewhere. I suggest you Google "tomcat default session timeout", or something similar.
Joined: Apr 21, 2008
Hi, I requested a constrained resource, and I used BASIC authentication method. The browser asked username and password. I provided valid ones. The authentication passed, and I got the constrained resource using browser(firefox).
I set setMaxInactiveInterval(100) to my session in jsp(constrained resource), and after 100 seconds the session will be invalidated. Later, I send a request to the constrained resource. At this time the container is not doing authentication, it simply returns the constrained resource(the previous one). Why the container is not doing authentication?
Later I deleted authenticated session's in my firefox. After that, I made a request to constrained resource, at this time the container asks for authentication. Why the container is asking for authentication, after deleting authenticated sessions in firefox? It seems that session object in my jsp and authentication sessions in firefox are different. What are they actually? Is there any method to invalidate authenticated sessions in my jsp? I search through google, search through java documentation not find suitable answer. I noticed that the HttpSession object is different from authentication session. Please explain me or provide any link for this topic. Thankyou.