Cookies are the most suitable thing for the remember me functionality best works. Because sessions end with the end of browser window and cookies still survive (if specified long life)
Romesh On Thu, May 27, 2010 at 1:28 PM, lembas <[email protected]> wrote: > thanks romesh. I was on vacation did not see your message. sorry for a > late answer. > > I do not "use cookies for managing session". Google does. JESSIONID > cookies is created on server by App Engine anyway. I just extend its > expiration date. > Is it possible to implement "remember me" functionality without > cookies? > > On May 3, 11:22 am, romesh soni <[email protected]> wrote: > > Hey Ikai, sorry I referred you by mistake.. My msg was for lembas > > > > > > > > On Mon, May 3, 2010 at 1:23 PM, romesh soni <[email protected]> > wrote: > > > Hi Ikai, > > > > > the way you are managing session is not good. actually you are using > > > cookies for managing session, which is not a good thing. > > > instead session management is done at server side, not client side. > > > > > On Mon, May 3, 2010 at 1:18 PM, Ikai L (Google) <[email protected]> > wrote: > > > > >> I'm not sure how this mitigates use of the _ah_session records that > are > > >> created. Anytime you set an attribute, it will use this. If you're > worried > > >> about _ah_session getting out of control, a better way would be to use > > >> Memcache for session data and associate it with a cookie. Stale, > unused > > >> session data will be automatically expired. The advantage of using the > built > > >> in sessions is that since they are backed by both Memcache and the > > >> datastore, they're going to be less volatile. > > > > >> On Sun, May 2, 2010 at 8:46 AM, lembas <[email protected]> wrote: > > > > >>> I have couple of questions about session management. I use GWT+GAE. I > > >>> do not want my _ah_sessions table to be out of control. I do not want > > >>> to generate unnecessary sessions. > > > > >>> I have <sessions-enabled>true</sessions-enabled> in my appengine- > > >>> web.xml. > > > > >>> 1.I have the following code at the beginning of my onModuleLoad() > > >>> method, is it ok? > > >>> String sessionid = Cookies.getCookie("JSESSIONID"); > > >>> if (sessionid != null) { > > >>> Date now = new Date(); > > >>> Date expires = new Date(now.getTime() + (long) 1000 * 60 * 60 > * 24 > > >>> * > > >>> 365); > > >>> Cookies.setCookie("JSESSIONID", sessionid, expires); > > >>> } > > > > >>> 2.After the user sends his/her username&password to the server for > the > > >>> first time (i.e. with a new JSESSIONID cookie), I get that "user" > > >>> object from database and if I have it, I save it using: > > >>> getThreadLocalRequest().getSession().setAttribute("user", user); > > >>> and send it to the client as a sign of a succesful login. > > > > >>> So next time client visits the site with the same JSESSIONID I can > get > > >>> the user object directly by: > > >>> getThreadLocalRequest().getSession().getAttribute("user"); > > > > >>> --- > > > > >>> Is it ok how I use the sesssion management? Is it true that every > > >>> request comes with the same JSESSIONID (unless client deleted it > > >>> deliberately), no new session is created on server and server do not > > >>> need to access database to get the user object? > > > > >>> -- > > >>> You received this message because you are subscribed to the Google > Groups > > >>> "Google App Engine for Java" group. > > >>> To post to this group, send email to > > >>> [email protected]. > > >>> To unsubscribe from this group, send email to > > >>> [email protected]<google-appengine-java%[email protected]> > <google-appengine-java%[email protected]<google-appengine-java%[email protected]> > > > > >>> . > > >>> For more options, visit this group at > > >>>http://groups.google.com/group/google-appengine-java?hl=en. > > > > >> -- > > >> Ikai Lan > > >> Developer Relations, Google App Engine > > >> Twitter:http://twitter.com/ikai > > >> Delicious:http://delicious.com/ikailan > > > > >> ---------------- > > >> Google App Engine links: > > >> Blog:http://googleappengine.blogspot.com > > >> Twitter:http://twitter.com/app_engine > > >> Reddit:http://www.reddit.com/r/appengine > > > > >> -- > > >> You received this message because you are subscribed to the Google > Groups > > >> "Google App Engine for Java" group. > > >> To post to this group, send email to > > >> [email protected]. > > >> To unsubscribe from this group, send email to > > >> [email protected]<google-appengine-java%[email protected]> > <google-appengine-java%[email protected]<google-appengine-java%[email protected]> > > > > >> . > > >> For more options, visit this group at > > >>http://groups.google.com/group/google-appengine-java?hl=en. > > > > -- > > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > > To post to this group, send email to > [email protected]. > > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > > For more options, visit this group athttp:// > groups.google.com/group/google-appengine-java?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
