I'm not sure how this mitigates use of the _ah_session records that are created. Anytime you set an attribute, it will use this. If you're worried about _ah_session getting out of control, a better way would be to use Memcache for session data and associate it with a cookie. Stale, unused session data will be automatically expired. The advantage of using the built in sessions is that since they are backed by both Memcache and the datastore, they're going to be less volatile.
On Sun, May 2, 2010 at 8:46 AM, lembas <[email protected]> wrote: > I have couple of questions about session management. I use GWT+GAE. I > do not want my _ah_sessions table to be out of control. I do not want > to generate unnecessary sessions. > > I have <sessions-enabled>true</sessions-enabled> in my appengine- > web.xml. > > 1.I have the following code at the beginning of my onModuleLoad() > method, is it ok? > String sessionid = Cookies.getCookie("JSESSIONID"); > if (sessionid != null) { > Date now = new Date(); > Date expires = new Date(now.getTime() + (long) 1000 * 60 * 60 * 24 * > 365); > Cookies.setCookie("JSESSIONID", sessionid, expires); > } > > 2.After the user sends his/her username&password to the server for the > first time (i.e. with a new JSESSIONID cookie), I get that "user" > object from database and if I have it, I save it using: > getThreadLocalRequest().getSession().setAttribute("user", user); > and send it to the client as a sign of a succesful login. > > So next time client visits the site with the same JSESSIONID I can get > the user object directly by: > getThreadLocalRequest().getSession().getAttribute("user"); > > --- > > Is it ok how I use the sesssion management? Is it true that every > request comes with the same JSESSIONID (unless client deleted it > deliberately), no new session is created on server and server do not > need to access database to get the user object? > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- Ikai Lan Developer Relations, Google App Engine Twitter: http://twitter.com/ikai Delicious: http://delicious.com/ikailan ---------------- Google App Engine links: Blog: http://googleappengine.blogspot.com Twitter: http://twitter.com/app_engine Reddit: http://www.reddit.com/r/appengine -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
