I'm using "org.apache.catalina.authenticator.SingleSignOn" for single sign
on with container-based security.

I have a question about session time outs. When the session for a given
application times out, if a user attempts to access the application after
the session has timed out, the user should have to login again, correct?

According to the documentation, this is the case. However, I'm finding that
it intermittently lets you continue before going to the login page. i.e. the
user can still access the pages, but, the session is cleared.

Has anyone else notices this? I'm wondering if this is a bug.

Jon


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)