Mantis - Resin
|Viewing Issue Advanced Details|
|ID:||Category:||Severity:||Reproducibility:||Date Submitted:||Last Update:|
|3122||minor||always||12-05-08 09:15||03-26-09 18:08|
|ETA:||none||Fixed in Version:||4.0.0|
|Summary:||0003122: cluster sessions not expiring|
(rep by Richard Grantham)
Well, usually it's 60 minutes. The 60 second timeout is set when someone
calls a JSP which sets the new session timeout with
session.setMaxInactiveInterval(60)). This is so that if someone loses
their connection to the internet they will be able to continue working
without issue when it comes back (assuming it's back in under an hour).
The timeout is being set by the JSP but is not acted upon.
Perhaps I should explain the use case. Our application maintains a list
who is logged into the system. It also allows people to lock things for
editing. So that people can't lock things and go off on holiday
preventing others from working we unlock anything they have locked and
clear them out of the logged in list when a session is invalidated.
Right now people are just closing the browser and going home and their
colleagues are unable to continue the work the next day. I'd agree that
half the issue is education ("please press logout") but it's also
something we need to be pro-active about.
|Steps To Reproduce:|