Hi Stephan, Is that possible that a client had closed the browser and opens a new browser and we can still identify the client using session cookies?
Thanks Romesh On Thu, May 27, 2010 at 10:42 PM, Stephan Hartmann <[email protected]>wrote: > Keep in mind that sessions managed by the servlet container expire after a > specific time of inactivity on the server side, so if a user comes back > after a while with his old session cookie, he will still get a new session. > According to the servlet spec, you can obtain this value with > HttpSession.getMaxInactiveInterval() and change it with > HttpSession.setMaxInactiveInterval(int), with a value of -1 meaning never to > expire. > > Regards, > Stephan > > > 2010/5/27 lembas <[email protected]> > > thanks romesh. I was on vacation did not see your message. sorry for a >> late answer. >> >> I do not "use cookies for managing session". Google does. JESSIONID >> cookies is created on server by App Engine anyway. I just extend its >> expiration date. >> Is it possible to implement "remember me" functionality without >> cookies? >> >> On May 3, 11:22 am, romesh soni <[email protected]> wrote: >> > Hey Ikai, sorry I referred you by mistake.. My msg was for lembas >> > >> > >> > >> > On Mon, May 3, 2010 at 1:23 PM, romesh soni <[email protected]> >> wrote: >> > > Hi Ikai, >> > >> > > the way you are managing session is not good. actually you are using >> > > cookies for managing session, which is not a good thing. >> > > instead session management is done at server side, not client side. >> > >> > > On Mon, May 3, 2010 at 1:18 PM, Ikai L (Google) <[email protected]> >> wrote: >> > >> > >> I'm not sure how this mitigates use of the _ah_session records that >> are >> > >> created. Anytime you set an attribute, it will use this. If you're >> worried >> > >> about _ah_session getting out of control, a better way would be to >> use >> > >> Memcache for session data and associate it with a cookie. Stale, >> unused >> > >> session data will be automatically expired. The advantage of using >> the built >> > >> in sessions is that since they are backed by both Memcache and the >> > >> datastore, they're going to be less volatile. >> > >> > >> On Sun, May 2, 2010 at 8:46 AM, lembas <[email protected]> wrote: >> > >> > >>> I have couple of questions about session management. I use GWT+GAE. >> I >> > >>> do not want my _ah_sessions table to be out of control. I do not >> want >> > >>> to generate unnecessary sessions. >> > >> > >>> I have <sessions-enabled>true</sessions-enabled> in my appengine- >> > >>> web.xml. >> > >> > >>> 1.I have the following code at the beginning of my onModuleLoad() >> > >>> method, is it ok? >> > >>> String sessionid = Cookies.getCookie("JSESSIONID"); >> > >>> if (sessionid != null) { >> > >>> Date now = new Date(); >> > >>> Date expires = new Date(now.getTime() + (long) 1000 * 60 * 60 >> * 24 >> > >>> * >> > >>> 365); >> > >>> Cookies.setCookie("JSESSIONID", sessionid, expires); >> > >>> } >> > >> > >>> 2.After the user sends his/her username&password to the server for >> the >> > >>> first time (i.e. with a new JSESSIONID cookie), I get that "user" >> > >>> object from database and if I have it, I save it using: >> > >>> getThreadLocalRequest().getSession().setAttribute("user", user); >> > >>> and send it to the client as a sign of a succesful login. >> > >> > >>> So next time client visits the site with the same JSESSIONID I can >> get >> > >>> the user object directly by: >> > >>> getThreadLocalRequest().getSession().getAttribute("user"); >> > >> > >>> --- >> > >> > >>> Is it ok how I use the sesssion management? Is it true that every >> > >>> request comes with the same JSESSIONID (unless client deleted it >> > >>> deliberately), no new session is created on server and server do not >> > >>> need to access database to get the user object? >> > >> > >>> -- >> > >>> You received this message because you are subscribed to the Google >> Groups >> > >>> "Google App Engine for Java" group. >> > >>> To post to this group, send email to >> > >>> [email protected]. >> > >>> To unsubscribe from this group, send email to >> > >>> [email protected]<google-appengine-java%[email protected]> >> <google-appengine-java%[email protected]<google-appengine-java%[email protected]> >> > >> > >>> . >> > >>> For more options, visit this group at >> > >>>http://groups.google.com/group/google-appengine-java?hl=en. >> > >> > >> -- >> > >> Ikai Lan >> > >> Developer Relations, Google App Engine >> > >> Twitter:http://twitter.com/ikai >> > >> Delicious:http://delicious.com/ikailan >> > >> > >> ---------------- >> > >> Google App Engine links: >> > >> Blog:http://googleappengine.blogspot.com >> > >> Twitter:http://twitter.com/app_engine >> > >> Reddit:http://www.reddit.com/r/appengine >> > >> > >> -- >> > >> You received this message because you are subscribed to the Google >> Groups >> > >> "Google App Engine for Java" group. >> > >> To post to this group, send email to >> > >> [email protected]. >> > >> To unsubscribe from this group, send email to >> > >> [email protected]<google-appengine-java%[email protected]> >> <google-appengine-java%[email protected]<google-appengine-java%[email protected]> >> > >> > >> . >> > >> For more options, visit this group at >> > >>http://groups.google.com/group/google-appengine-java?hl=en. >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "Google App Engine for Java" group. >> > To post to this group, send email to >> [email protected]. >> > To unsubscribe from this group, send email to >> [email protected]<google-appengine-java%[email protected]> >> . >> > For more options, visit this group athttp:// >> groups.google.com/group/google-appengine-java?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine for Java" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<google-appengine-java%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/google-appengine-java?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
