I have couple of questions about session management. I use GWT+GAE. I
do not want my _ah_sessions table to be out of control. I do not want
to generate unnecessary sessions.
I have <sessions-enabled>true</sessions-enabled> in my appengine-
web.xml.
1.I have the following code at the beginning of my onModuleLoad()
method, is it ok?
String sessionid = Cookies.getCookie("JSESSIONID");
if (sessionid != null) {
Date now = new Date();
Date expires = new Date(now.getTime() + (long) 1000 * 60 * 60 * 24 *
365);
Cookies.setCookie("JSESSIONID", sessionid, expires);
}
2.After the user sends his/her username&password to the server for the
first time (i.e. with a new JSESSIONID cookie), I get that "user"
object from database and if I have it, I save it using:
getThreadLocalRequest().getSession().setAttribute("user", user);
and send it to the client as a sign of a succesful login.
So next time client visits the site with the same JSESSIONID I can get
the user object directly by:
getThreadLocalRequest().getSession().getAttribute("user");
---
Is it ok how I use the sesssion management? Is it true that every
request comes with the same JSESSIONID (unless client deleted it
deliberately), no new session is created on server and server do not
need to access database to get the user object?
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
