Session Management: Timeouts vs Killing Sessions

[dfear]

May i suggest that when a session times out, instead of leaving the session in the session list, the session itself is 'deleted' entirely.

This request is because Taupo DC runs in a Terminal Services environment, running Yellowfin with SSO. We use a load balancer which logs the user into the least-used Terminal Server at the time of login.

If the browser is closed (despite always telling them they must logoff!), the session remains open, but times out after 20 mins. Then, when the user logs into Windows the next day, they may be logged into a different terminal server. If this is the case, and the previous session is not killed or logged off correctly, the message 'unable to log in from multiple hosts' appears.

They must then call an administrator for their old session to be killed.

So it would be handy if the session was killed instead of remaining in the Session List as timed out. I have no worries extending the timeout from 20mins to something like 8 hours =)

Thanks!
-David Fear
-Taupo District Council

[Peter]

Hi David,

The sessions should be removed from the session list when a user's session ends.
If this is not occurring then you will need to upgrade your version of tomcat.
There are instructions on how to do this here: viewtopic.php?f=15&t=1000#p1918

Thanks,
Peter

[pmk]

Hi Peter

I have loaded YF code version 20091023 and Tomcat 5.5.27 onto the Taupo test machine (after a delay, I'm sorry!).
Taupo administrator has tried logging in from a number of hosts and it seems to have done so successfully.
Except that the machine is grinding away now (java process taking 99% CPU time), and the jdbc and yellowfin logs are continually growing.

I've attached them in a tarfile, and also a screenshot of the test server licence, and main server licence.
It seems the test server has a multicast licence, so perhaps our testing in this manner is not appropriate.

Your comments appreciated.

kind regards - Paula