Thanks, romesh. I was on vacation and did not see your message. Sorry for the late answer.
I do not "use cookies for managing session". Google does. The JSESSIONID cookie is created on the server by App Engine anyway. I just extend its expiration date. Is it possible to implement "remember me" functionality without cookies?

On May 3, 11:22 am, romesh soni <[email protected]> wrote:
> Hey Ikai, sorry, I referred to you by mistake. My message was for lembas.
>
> On Mon, May 3, 2010 at 1:23 PM, romesh soni <[email protected]> wrote:
> > Hi Ikai,
> >
> > The way you are managing sessions is not good. Actually, you are using
> > cookies for managing sessions, which is not a good thing.
> > Instead, session management is done on the server side, not the client side.
> >
> > On Mon, May 3, 2010 at 1:18 PM, Ikai L (Google) <[email protected]> wrote:
> >
> >> I'm not sure how this mitigates use of the _ah_session records that are
> >> created. Anytime you set an attribute, it will use this. If you're worried
> >> about _ah_session getting out of control, a better way would be to use
> >> Memcache for session data and associate it with a cookie. Stale, unused
> >> session data will be automatically expired. The advantage of using the
> >> built-in sessions is that since they are backed by both Memcache and the
> >> datastore, they're going to be less volatile.
> >>
> >> On Sun, May 2, 2010 at 8:46 AM, lembas <[email protected]> wrote:
> >>
> >>> I have a couple of questions about session management. I use GWT+GAE. I
> >>> do not want my _ah_sessions table to be out of control. I do not want
> >>> to generate unnecessary sessions.
> >>>
> >>> I have <sessions-enabled>true</sessions-enabled> in my appengine-web.xml.
> >>>
> >>> 1. I have the following code at the beginning of my onModuleLoad()
> >>> method, is it ok?
> >>>
> >>> String sessionid = Cookies.getCookie("JSESSIONID");
> >>> if (sessionid != null) {
> >>>     Date now = new Date();
> >>>     Date expires = new Date(now.getTime() + (long) 1000 * 60 * 60 * 24 * 365);
> >>>     Cookies.setCookie("JSESSIONID", sessionid, expires);
> >>> }
> >>>
> >>> 2. After the user sends his/her username & password to the server for the
> >>> first time (i.e. with a new JSESSIONID cookie), I get that "user"
> >>> object from the database and if I have it, I save it using:
> >>> getThreadLocalRequest().getSession().setAttribute("user", user);
> >>> and send it to the client as a sign of a successful login.
> >>>
> >>> So next time the client visits the site with the same JSESSIONID I can get
> >>> the user object directly by:
> >>> getThreadLocalRequest().getSession().getAttribute("user");
> >>>
> >>> ---
> >>>
> >>> Is it ok how I use the session management? Is it true that every
> >>> request comes with the same JSESSIONID (unless the client deleted it
> >>> deliberately), no new session is created on the server and the server does not
> >>> need to access the database to get the user object?
> >>>
> >>> --
> >>> You received this message because you are subscribed to the Google Groups
> >>> "Google App Engine for Java" group.
> >>> To post to this group, send email to [email protected].
> >>> To unsubscribe from this group, send email to
> >>> [email protected]<google-appengine-java%[email protected]>.
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/google-appengine-java?hl=en.
> >>
> >> --
> >> Ikai Lan
> >> Developer Relations, Google App Engine
> >> Twitter: http://twitter.com/ikai
> >> Delicious: http://delicious.com/ikailan
> >>
> >> ----------------
> >> Google App Engine links:
> >> Blog: http://googleappengine.blogspot.com
> >> Twitter: http://twitter.com/app_engine
> >> Reddit: http://www.reddit.com/r/appengine
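
A "remember me" that leaves JSESSIONID at its default lifetime, as an added example that is not part of the thread or of App Engine's own code: the server issues a separate long-lived token in an HttpOnly cookie and keeps only its hash, so client script never has to read or re-set a cookie. The class name `RememberMe`, the cookie name `REMEMBER_ME` and the in-memory map (standing in for Memcache or the datastore) are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

public class RememberMe {
    record Entry(String userId, Instant expires) {}

    static final Duration TTL = Duration.ofDays(365); // same lifetime as the cookie in the thread
    private final SecureRandom rng = new SecureRandom();
    // Hypothetical stand-in for Memcache/datastore: SHA-256(token) -> user, so the store holds no usable tokens.
    private final ConcurrentHashMap<String, Entry> store = new ConcurrentHashMap<>();

    private static String hash(String token) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.US_ASCII));
        return Base64.getEncoder().encodeToString(d);
    }

    // Call after a successful password login; the return value goes into the cookie.
    public String issue(String userId, Instant now) throws Exception {
        byte[] raw = new byte[32]; // 256 random bits, not derived from the user or the session id
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(hash(token), new Entry(userId, now.plus(TTL)));
        return token;
    }

    // Call when a request arrives without a logged-in session. The token is single use:
    // on success the caller creates a new session and issues a fresh token.
    public String redeem(String token, Instant now) throws Exception {
        if (token == null) return null;
        Entry e = store.remove(hash(token));
        return (e == null || now.isAfter(e.expires())) ? null : e.userId();
    }

    // Set-Cookie value: HttpOnly hides the token from client script, Secure keeps it off plain HTTP.
    public static String setCookieHeader(String token) {
        return "REMEMBER_ME=" + token + "; Max-Age=" + TTL.getSeconds() + "; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    public static void main(String[] args) throws Exception {
        RememberMe rm = new RememberMe();
        Instant now = Instant.now();
        String token = rm.issue("user-42", now); // constructed user id
        System.out.println(setCookieHeader(token));
        System.out.println(rm.redeem(token, now)); // first redemption of the token
        System.out.println(rm.redeem(token, now)); // second redemption of the same token
    }
}
```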
