Keep in mind that sessions managed by the servlet container expire after a
specific time of inactivity on the server side, so if a user comes back
after a while with his old session cookie, he will still get a new session.
According to the servlet spec, you can obtain this value with
HttpSession.getMaxInactiveInterval() and change it with
HttpSession.setMaxInactiveInterval(int), with a value of -1 meaning never to
expire.

Regards,
Stephan


2010/5/27 lembas <[email protected]>

> thanks romesh. I was on vacation did not see your message. sorry for a
> late answer.
>
> I do not "use cookies for managing session". Google does. JESSIONID
> cookies is created on server by App Engine anyway. I just extend its
> expiration date.
> Is it possible to implement "remember me" functionality without
> cookies?
>
> On May 3, 11:22 am, romesh soni <[email protected]> wrote:
> > Hey Ikai, sorry I referred you by mistake.. My msg was for lembas
> >
> >
> >
> > On Mon, May 3, 2010 at 1:23 PM, romesh soni <[email protected]>
> wrote:
> > > Hi Ikai,
> >
> > > the way you are managing session is not good. actually you are using
> > > cookies for managing session, which is not a good thing.
> > > instead session management is done at server side, not client side.
> >
> > > On Mon, May 3, 2010 at 1:18 PM, Ikai L (Google) <[email protected]>
> wrote:
> >
> > >> I'm not sure how this mitigates use of the _ah_session records that
> are
> > >> created. Anytime you set an attribute, it will use this. If you're
> worried
> > >> about _ah_session getting out of control, a better way would be to use
> > >> Memcache for session data and associate it with a cookie. Stale,
> unused
> > >> session data will be automatically expired. The advantage of using the
> built
> > >> in sessions is that since they are backed by both Memcache and the
> > >> datastore, they're going to be less volatile.
> >
> > >> On Sun, May 2, 2010 at 8:46 AM, lembas <[email protected]> wrote:
> >
> > >>> I have couple of questions about session management. I use GWT+GAE. I
> > >>> do not want my _ah_sessions table to be out of control. I do not want
> > >>> to generate unnecessary sessions.
> >
> > >>> I have <sessions-enabled>true</sessions-enabled> in my appengine-
> > >>> web.xml.
> >
> > >>> 1.I have the following code at the beginning of my onModuleLoad()
> > >>> method, is it ok?
> > >>> String sessionid = Cookies.getCookie("JSESSIONID");
> > >>> if (sessionid != null) {
> > >>>        Date now = new Date();
> > >>>        Date expires = new Date(now.getTime() + (long) 1000 * 60 * 60
> * 24
> > >>> *
> > >>> 365);
> > >>>        Cookies.setCookie("JSESSIONID", sessionid, expires);
> > >>> }
> >
> > >>> 2.After the user sends his/her username&password to the server for
> the
> > >>> first time (i.e. with a new JSESSIONID cookie), I get that "user"
> > >>> object from database and if I have it, I save it using:
> > >>> getThreadLocalRequest().getSession().setAttribute("user", user);
> > >>> and send it to the client as a sign of a succesful login.
> >
> > >>> So next time client visits the site with the same JSESSIONID I can
> get
> > >>> the user object directly by:
> > >>> getThreadLocalRequest().getSession().getAttribute("user");
> >
> > >>> ---
> >
> > >>> Is it ok how I use the sesssion management? Is it true that every
> > >>> request comes with the same JSESSIONID (unless client deleted it
> > >>> deliberately), no new session is created on server and server do not
> > >>> need to access database to get the user object?
> >
> > >>> --
> > >>> You received this message because you are subscribed to the Google
> Groups
> > >>> "Google App Engine for Java" group.
> > >>> To post to this group, send email to
> > >>> [email protected].
> > >>> To unsubscribe from this group, send email to
> > >>> [email protected]<google-appengine-java%[email protected]>
> <google-appengine-java%[email protected]<google-appengine-java%[email protected]>
> >
> > >>> .
> > >>> For more options, visit this group at
> > >>>http://groups.google.com/group/google-appengine-java?hl=en.
> >
> > >> --
> > >> Ikai Lan
> > >> Developer Relations, Google App Engine
> > >> Twitter:http://twitter.com/ikai
> > >> Delicious:http://delicious.com/ikailan
> >
> > >> ----------------
> > >> Google App Engine links:
> > >> Blog:http://googleappengine.blogspot.com
> > >> Twitter:http://twitter.com/app_engine
> > >> Reddit:http://www.reddit.com/r/appengine
> >
> > >>  --
> > >> You received this message because you are subscribed to the Google
> Groups
> > >> "Google App Engine for Java" group.
> > >> To post to this group, send email to
> > >> [email protected].
> > >> To unsubscribe from this group, send email to
> > >> [email protected]<google-appengine-java%[email protected]>
> <google-appengine-java%[email protected]<google-appengine-java%[email protected]>
> >
> > >> .
> > >> For more options, visit this group at
> > >>http://groups.google.com/group/google-appengine-java?hl=en.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Google App Engine for Java" group.
> > To post to this group, send email to
> [email protected].
> > To unsubscribe from this group, send email to
> [email protected]<google-appengine-java%[email protected]>
> .
> > For more options, visit this group athttp://
> groups.google.com/group/google-appengine-java?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine for Java" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected]<google-appengine-java%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/google-appengine-java?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/google-appengine-java?hl=en.

Reply via email to