I'm having a problem overcoming this problem so I've come here for help.
Basically, I have several webapps running on Tomcat. I have several different webapps that perform various functions and one webapp, let's call it the "Portal", that is used for user authentication and to manage access to the other webapps.
When a user tries to access any application they are forwarded to the portal where they can log in and be authenticated. From here they can access any other application since they are authenticated and the servlet container uses singleSignOn, so they only need to be authenticated once to access any webapp on Tomcat.
The problem with this is that with singleSignOn, if any session expires the credentials get de-authorized. So, if I set the session timeout of 'Portal' to 30 minutes and a user accesses 'webapp1', even if the 'webapp1' session stays active for 1 hour the user will have to re-authenticate after 30 minutes since the 'portal' session timed out.
The temporary workaround right now is to set the 'portal' timeout to 8 hours. This prevents users of the other webapps from getting kicked off while they're working. However, the server is at its limit and is having exorbitant memory usage with these 'portal' sessions staying open for needlessly long amounts of time.
Is there a way to set the timeout of 'portal' to a normal value like 30min but to keep the 'portal' session active as long as a user is using one of the other applications?
Right now I'm thinking of making the other webapps request a small file from the 'portal' webapp whenever a page is loaded to keep the 'portal' session active. However, this will require making changes to all the other applications and it doesn't really seem like an elegant solution. Is there something I'm overlooking or an easier way to fix this without having to modify all the other applications?
Question
giantpotato
0 answers to this question
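The keep-alive workaround described in the question, sketched as an added example (not code from the poster or from Tomcat): each webapp page touches the 'portal' session only on real user activity and at most once per interval, so an idle browser still hits the 30-minute timeout. The `/portal/keepalive` path, the 10-minute interval and the function name `createPortalKeepAlive` are assumptions; it also assumes all webapps are served from the same origin so the browser sends the portal's session cookie.

```javascript
// Added example. Assumed names: createPortalKeepAlive, /portal/keepalive.
// ping:          function that issues the request to the portal (may return a Promise)
// now:           clock, injectable so the throttle can be exercised offline
// minIntervalMs: minimum gap between pings; keep it well below the portal timeout
function createPortalKeepAlive({ ping, now = Date.now, minIntervalMs = 10 * 60 * 1000 }) {
  let lastAttempt = null;
  return {
    // Call on user activity only (page load, click, key press). Driving this
    // from a timer would keep abandoned sessions alive indefinitely.
    onActivity() {
      const t = now();
      if (lastAttempt !== null && t - lastAttempt < minIntervalMs) {
        return false; // pinged recently, the portal session is still fresh
      }
      lastAttempt = t;
      let result;
      try {
        result = ping();
      } catch (err) {
        lastAttempt = null; // synchronous failure: retry on the next activity
        return false;
      }
      // Asynchronous failure (network error): allow a retry on the next
      // activity, unless a newer attempt has already been recorded.
      Promise.resolve(result).catch(() => {
        if (lastAttempt === t) lastAttempt = null;
      });
      return true;
    },
  };
}

// Browser wiring, skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined') {
  const keepAlive = createPortalKeepAlive({
    // The request targets the portal's context path, so the browser attaches
    // the portal's own session cookie and the container refreshes that session.
    ping: () => fetch('/portal/keepalive', { credentials: 'same-origin', cache: 'no-store' }),
  });
  keepAlive.onActivity(); // a page load counts as activity
  ['click', 'keydown'].forEach((ev) =>
    window.addEventListener(ev, () => keepAlive.onActivity(), { passive: true }));
}
```
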