Re: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
I'm modifying the response by appending a session cookie whose maxAge has been configured to a positive value. I'm writing it as a Filter because 1) Eric suggested that (well, he suggested a Valve, but from my limited understanding, it seems like a Filter does the same thing and is not specific to Tomcat) and 2) it seems like this will make it easy to to use with any other servlet app that I want. --Jesse Barnum, President, 360Works http://www.360works.com (770) 234-9293 On Jun 29, 2007, at 7:32 PM, Martin Gainty wrote: Curious as to why you're writing a Filter Are you modifying Request Headers or the Request itself? Thx, M-- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
Eric, that worked - your code was very helpful, thanks. I wound up doing it as a Filter instead of a Valve, so that it would not be tied to Tomcat. Here is the code in case anybody else would find it useful: --Jesse Barnum, President, 360Works http://www.360works.com (770) 234-9293 package com.prosc.servlet; import javax.servlet.*; import javax.servlet.http.*; import java.io.IOException; /** * This class will set the cookie maxAge to match the session timeout value. That way, a user who closes their browser and * re-enters the site will still have the same session if it has not timed out on the server. */ public class SessionCookieExtender implements Filter { private static final String JSESSIONID = JSESSIONID; public void init( FilterConfig config ) throws ServletException {} public void doFilter( ServletRequest _request, ServletResponse _response, FilterChain chain ) throws IOException, ServletException { if( _response instanceof HttpServletResponse ) { HttpServletRequest httpRequest = (HttpServletRequest)_request; HttpServletResponse httpResponse = (HttpServletResponse)_response; HttpSession session = httpRequest.getSession(); if( session != null session.getId() != null ) { Cookie sessionCookie = new Cookie( JSESSIONID, session.getId() ); int sessionTimeoutSeconds = session.getMaxInactiveInterval(); sessionCookie.setMaxAge( sessionTimeoutSeconds ); sessionCookie.setPath( httpRequest.getContextPath() ); httpResponse.addCookie( sessionCookie ); //FIX! This doesn't actually get rid of the other cookie, but it seems to work OK } } chain.doFilter( _request, _response ); } public void destroy() {} } On Jun 29, 2007, at 2:50 PM, Eric Berry wrote: You will probably have to write a valve for this. I had to write one to set the session cookie's domain so that it's a site wide domain. I posted the code to this mailing list a while back. If you do a search you should be able to find it, if not let me know I'll see if I can get a hold of it. Eric On 6/29/07, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Jesse Barnum wrote: Well, you can set the max age on a cookie to something 0, which means that it will persist for that amount of time, even if the user's browser window is closed. I'm just trying to figure out if there is a way to tell Tomcat to set that property on the cookies that it creates to store the session ID's. You may have to do it manually (that is, grab the Cookie object from the response and force the maxage). On the other hand, the user's session is going to time out within that 48 hours, so what's the point of maintaining the JSESSIONID cookie past the browser-session? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhUcu9CaO5/Lv0PARAjzeAJ9PAkO2n4InRn9s9KaoCTlZ6gogowCgipM2 VibFQ3g7DvtU4ajdOcsOa94= =Jdtn -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Learn from the past. Live in the present. Plan for the future. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
Curious as to why you're writing a Filter Are you modifying Request Headers or the Request itself? Thx, M-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Jesse Barnum [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, June 29, 2007 7:05 PM Subject: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie? Eric, that worked - your code was very helpful, thanks. I wound up doing it as a Filter instead of a Valve, so that it would not be tied to Tomcat. Here is the code in case anybody else would find it useful: --Jesse Barnum, President, 360Works http://www.360works.com (770) 234-9293 package com.prosc.servlet; import javax.servlet.*; import javax.servlet.http.*; import java.io.IOException; /** * This class will set the cookie maxAge to match the session timeout value. That way, a user who closes their browser and * re-enters the site will still have the same session if it has not timed out on the server. */ public class SessionCookieExtender implements Filter { private static final String JSESSIONID = JSESSIONID; public void init( FilterConfig config ) throws ServletException {} public void doFilter( ServletRequest _request, ServletResponse _response, FilterChain chain ) throws IOException, ServletException { if( _response instanceof HttpServletResponse ) { HttpServletRequest httpRequest = (HttpServletRequest)_request; HttpServletResponse httpResponse = (HttpServletResponse)_response; HttpSession session = httpRequest.getSession(); if( session != null session.getId() != null ) { Cookie sessionCookie = new Cookie( JSESSIONID, session.getId() ); int sessionTimeoutSeconds = session.getMaxInactiveInterval(); sessionCookie.setMaxAge( sessionTimeoutSeconds ); sessionCookie.setPath( httpRequest.getContextPath() ); httpResponse.addCookie( sessionCookie ); //FIX! This doesn't actually get rid of the other cookie, but it seems to work OK } } chain.doFilter( _request, _response ); } public void destroy() {} } On Jun 29, 2007, at 2:50 PM, Eric Berry wrote: You will probably have to write a valve for this. I had to write one to set the session cookie's domain so that it's a site wide domain. I posted the code to this mailing list a while back. If you do a search you should be able to find it, if not let me know I'll see if I can get a hold of it. Eric On 6/29/07, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Jesse Barnum wrote: Well, you can set the max age on a cookie to something 0, which means that it will persist for that amount of time, even if the user's browser window is closed. I'm just trying to figure out if there is a way to tell Tomcat to set that property on the cookies that it creates to store the session ID's. You may have to do it manually (that is, grab the Cookie object from the response and force the maxage). On the other hand, the user's session is going to time out within that 48 hours, so what's the point of maintaining the JSESSIONID cookie past the browser-session? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhUcu9CaO5/Lv0PARAjzeAJ9PAkO2n4InRn9s9KaoCTlZ6gogowCgipM2 VibFQ3g7DvtU4ajdOcsOa94= =Jdtn -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Learn from the past. Live in the present. Plan for the future. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]