If you want to control the Single Sign On Session you need to modify the granting ticket expiration policy. The Tomcat sessions have nothing to do with your SSO session.
-Scott
On Thu, May 8, 2008 at 9:47 PM, tedzo <
tedzo2003@...> wrote:
I am really confused about session timeouts. I see the following 4 variables that are configurable-
1. In ApplicationContext.xml, the second argument for "serviceTicketExpirationPolicy" Bean
2. In the same file, the first (and only) argument for "grantingTicketExpirationPolicy" Bean
3. In web.xml for CAS webapp, the "session-timeout" entry
4. In tomcat's web.xml (under /conf), the "<session-config> <session-timeout>...." entry
I assumed just setting #3 above would control the timeout. That doesn't seem like it. So, I have been trying combinations and the one that worked is setting #2 AND #4 to the same value. Is that right or am I missing something here? I am using 3.06 server.
Also, by session timeout, I mean- I login and keep working. I walk away for 30 minutes (say) after I make my last request, I come back and try to access some CAS protected page. I should be asked to login again.
Your thoughts are appreciated.
Thanks.
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.
Try it now.
_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn:
http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas
