top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Tomcat 7.0.4 - Ignoring certain URLs from session timeout

0 votes
406 views

I am running Apache Tomcat 7.0.4 on Linux and the session-timeout is configured to 30 minutes. All requests from my client pass in the session cookie. However, I do not want the session timeout counter to get reset for certain URLs.

Is there a way to configure Tomcat to ignore certain URLs when resetting its timeout counter for a particular session?

posted Jun 25, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

Hopefully, you mean Tomcat 7.0.40 or 7.0.41. If not, upgrade.

Okay, so you want to be able to contact a particular URL and *not* have the last-used timestamp updated? Do any of the servlets that react to those URLs try to call request.getSession()?

If you are operating in STRICT_SERVLET_COMPLIANCE or ACCESS_SESSION mode, then you will not be able to disable this update. If you are not operating in either of these two modes, you may be able to do it, but you will have to write your own software to:

a) track sessions - probably an HttpSessionListener
b) give access to those tracked sessions without calling getSession - probably using a Filter and an HttpServletRequestWrapper

answer Jun 25, 2013 by anonymous
Similar Questions
0 votes

My project is planning to upgrade to Tomcat 7.0.57 that has the fix for POODLE vulnerability and have the SSL protocol disable by default. We were up till now using the manual configuration change in server.xml in
order to disable use of SSL.

My questions is that after upgrading to Tomcat 7.0.57, is there any similar configuration change available, through which we can re enable SSL protocols again.

Please let me know if my question is not clear.

+1 vote

My development setup is Win7 while my production is RHEL6. Both of the environments have the same settings in conf/logging.properties but the files in logs/ are slightly different.

The access logs are named the same way. But on RHEL there's no tomcat7-stdout or tomcat7-stderr log files. Just 'catalina.out.YEAR.MO.DY' and the cumulative "catalina.out" with no date.

What accounts for the differences? Also, how would you stop logging to the 'catalina.out' file. It gets unusably gigantic within a few days.

0 votes

We currently are setting a site that receives fairly heavy traffic (5000 simultaneous users). We have two physical servers.

As a general idea, is there performance to be gained by running multiple instances of Tomcat 7.0? For example, two instances on one physical server and two instances on the other physical server? Assume all are running the same webapp.

...