Re: [Developers] frontend session expire time?

Thu, 24 Nov 2005 10:22:07 -0800

Op 24-nov-2005, om 12:49 heeft Michiel Meeuwissen het volgende geschreven: 
Pieter Jelle wrote:

setMaxInactiveInterval(-1) on the session object.
However, since MMBase handles these sessions by itself, I call <mm:cloud logon="x" pwd="x" /> when a user logs on to the frontend, after which a 
session is created by MMBase.
As far as I can see there is no way to set the expire time for the
session with an attribute for mm:cloud. I tried catching the session
from the Request object and calling setMaxInactiveInterval(-1) on that 
session, but no luck either.



mm:cloud does not do it's own session managment. It uses the default

session of a JSP. With a jsp:scriptlet you should be able to change  
the

max inactive interval. But you say that doesn't work....



Prolonging session-timeout can be done for the complete webapp in its  
web.xml:


<!-- Define the default session timeout for your application,
  in minutes.  From a servlet or JSP page, you can modify
  the timeout for a particular session dynamically by using
  HttpSession.getMaxInactiveInterval(). -->
<session-config>
  <session-timeout>30</session-timeout>    <!-- 30 minutes -->
</session-config>


You're looking for a more permanent sollution, but i thought i should  
mention it, just in case.


---André




A known problem with the 'cloud' object in the session is that it  
is not

serializable, so AFAIK you loose it on restart of the server. Perhaps
you mean that.


Also, the session-id is afaik stored in a cookie with the lifetime  
of the

browser, so you loose session on restart of the browser anyhow.


After having searched for quite some time, the only solution I can  
think

of is setting the username and password in a cookie, and after
revisiting the website these values are used to log the user back on.

This, of course, is far from elegant/safe, so if anyone could  
point me

in the right direction, I'd be very grateful.


This is actually the solution I used a few times too. It is not very

elegant, no, but I don't really see another one, because sooner or  
later

server or browser will restart, won't they?

Actually, people should use a password-manager.

Michiel


--
Michiel Meeuwissen                  mihxil'
Peperbus 111 MediaPark H'sum          [] ()
+31 (0)35 6772979         nl_NL eo_XX en_US



_______________________________________________
Developers mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/developers




--
André van Toly
web http://www.toly.nl                            mobile +31(0)627233562
------------------------------------------------------------------>><<--

_______________________________________________
Developers mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/developers






















					Reply via email to