We're using tomcat 4.1.24. I've been trying for the past hour to change the session timeout of our app. The 30 minute default shouldn't be a problem, but we connected to our server then closed the IE to see if the sessions would be invalidated after 30 minutes. They were not, so i'm trying to figure out why.
First, does a session timing out mean that everything in that session scope will be invalidated or does it just mean the user has to create a new session.
I tried changing the timeout to 1 minute for testing purposes. Running the program in JProbe, i was opening a page and then closing IE. After waiting over a minute(when the session should have timed out) i started garbage collection and checked whether the classes in the session scope were collected, and they were not. So now i'm thinking that we're not setting the session timeout correctly, or maybe that session timeout doesn't mean the session will be invalidated.
This is the code that I added to our web.xml file:
We have multiple web.xml files, but I believe the file we have to add the code to is in the WEB-INF directory, which is parallel with the app directory
basically our app is in tomcat/webapps/dir/app and our WEB-INF is in tomcat/webapps/dir/WEB-INF.
I also tried to add it to ROOT/WEB-INF to no avail.
I've read other posts similar to this, but I haven't read anything about whether the session will be invalidated upon timeout.
Any help is definitely appreciated!
thank you much.
Nathan @ AutoKnowledge
ps. kinda urgent... but only because i'm almost out of hair :)