CASTGC does not timeout

Trenton D. Adams trenta at athabascau.ca
Mon Mar 17 13:58:20 EDT 2008 

Hi Guys,

We're running tomcat 4.0.x with Java 1.4.1.  I have been doing tests with session timeouts, as people have been complaining that sessions don't timeout for many hours.

So, I wrote a script to test it with wget.  

The credentials file looks like 'username=username&password=password'.  The command line looks like this...

sessionTimeoutTest.sh 172800 172800 /tmp/login.html /tmp/wget-session.log /tmp/wget.cookies https://secure.athabascau.ca/cas/login /tmp/credentials.txt

So, after 48 hours, the CAS session has not timed out.  When I use our test environment, which unfortunately is different because we are running production CAS on a legacy environment, it times out in 7200 seconds (+/- 60) as expected.  The test environment is tomcat5 and Java 1.4.2

FYI: This machine has been restarted recently as well, and it is not under very heavy load.

Does anyone have any clue what is happening?  We're thinking that an upgrade is in order, but would like to know why this is happening.

#!/bin/sh

# args timeout increment output.html logfile.log cookiefile url credentials.txt

TIMEOUT=$1
INCREMENT=$2
OUTPUT=$3
LOGFILE=$4
COOKIEFILE=$5
URL=$6
CREDENTIALS=$7

wget --no-check-certificate -o $LOGFILE -O $OUTPUT \
--keep-session-cookies --load-cookies=$COOKIEFILE \
--save-cookies=$COOKIEFILE "${URL}`cat $CREDENTIALS`"

NOTTIMEDOUT=true
TOTALTIME=0
while $NOTTIMEDOUT -eq 'true'; do
  echo "Testing timeout at $TIMEOUT seconds";
  sleep $TIMEOUT
  ((TOTALTIME += $TIMEOUT));
  wget --no-check-certificate -o $LOGFILE -O $OUTPUT --keep-session-cookies \
    --load-cookies=$COOKIEFILE --save-cookies=$COOKIEFILE "$URL"
  grep 'You have been logged' $OUTPUT
  if [[ $? -ne 0 ]]; then
    NOTTIMEDOUT=false
    echo "Timeout at $TIMEOUT";
    echo "Total time: $TOTALTIME";
  fi
  ((TIMEOUT += $INCREMENT)); # up the session test in 15 minute intervals
done;


__ 
    This communication is intended for the use of the recipient to whom it
    is addressed, and may contain confidential, personal, and or privileged
    information. Please contact us immediately if you are not the intended
    recipient of this communication, and do not copy, distribute, or take
    action relying on it. Any communications received in error, or
    subsequent reply, should be deleted or destroyed.
---

More information about the cas mailing list