On 14/07/2011 15:54, André Warnier wrote: > Konstantin Kolinko wrote: > ... >> >> 1) Updating it with every response sounds lame. >> >> 2) max-age value should be consistent between all web applications >> that might share the session cookie. >> Otherwise there will be inconsistencies and breakages. >> > Are you not confusing "max-age" with "last access" ?
Possibly the confusion* is that: http://download.oracle.com/javaee/5/api/javax/servlet/http/Cookie.html defines setMaxAge() but one could infer that it should be persisted and a rolling value applied on each request, but it actually maps to the Expires attribute of the cookie. I suppose the method name is misleading, semantically better to have said "setExpires(long)" instead. p * It's confused me, certainly. ** Ooh look at me doing an André, quoting HTTP specs > The expiration of a cookie (like the expiration of a session), in my > view should be calculated on the base of : > last access + max-age, compared to "now" > > And then, there is the question of whether "last access" should be > updated when the request is received, or when the response is sent. > (Apparently the Servlet Spec has things to say on the matter, and some > recently added Tomcat properties also). > > There was another thread recently debating similar issues, in the > context of long file upload requests. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature