recently our application was integrated with SSO. The SSO team is providing security using LDAP and authorization and authentication by Web seal.
Our application is developed using EJBs. server is websphere.
Here my problem is that, regarding session time of my application.
from inception our application is using session maxinactiveinterval() method for session time out and also works fine.
After integrated with SSO, even time expires the application is working.
How to handle this. can anybody help me please. If we use session time out at web.xml, is it gives any difference.
When you add session time out in DD, meaning, all the sessions corresponding to the web app will expires the session based on the mentioned time interval.
If you use maxinactiveinterval() in servlet code. meaning, that particular session will be expire after mentioned time out, where as still other sessions might be active.
you can set the session time out in the web.xml also.it will work no problem will raised.
if you are using setmaxtimeout in the servlet program it self the server will give first perference to that one.
Joined: Jan 25, 2012
Thank you very much... its working by keeping session time in web.xml