Problem with session and SFSB timeouts

jxerxes Aug 1, 2006 10:07 AM

hello everyone!

i have a problem with session timeouts.
i'm using jboss 4.0.4GA, seam 1.0.0GA and myfaces
libs 1.1.3 and JAAS for URL based security.
i have some SFSBs which have an idle timeout that is
longer than the http session. i used the @CacheConfig
annotation because there were problems when the SFSBs
timed out before the session timed out. now when the
session is over and the user clicks on a link or
button on a page the jaas login screen appears. but
when he logs in again he is not directed to the main
menu but to the page he requested before. all the data
of the expired session is still present and even when
another login is used the data is still there. this
happens only if there's a logout because of idle time,
when the logout link is used (which triggers the
seam.invalidateSession() method) everything's fine.
it seems that the session scoped components don't
die with the session, don't they depend directly on the
http session? how could i manage that?

1. Re: Problem with session and SFSB timeouts

gavin.king Aug 1, 2006 1:08 PM (in response to jxerxes)

Almost certainly this is due to your misunderstanding/misconfiguration of how session timeout works in Tomcat.

Seam isn't squirelling away references to components in some secret session-like place ;-)
Actions
2. Re: Problem with session and SFSB timeouts

jxerxes Aug 2, 2006 9:24 AM (in response to jxerxes)

could you give me a hint?

i didn't configure anything about the session in tomcat. now i reduced the session-timeout attribute in the web.xml to one minute, but only for testing.

it seems like the session isnt destroyed or the new session after session timeout has the same session ID as the old one even if the user changes...

or could it have to do something with

http://jira.jboss.org/jira/browse/JBSEAM-279 ?
Actions

Go to original post