Normally, session cookies are created non-persistent on the browser side,
but you could try to re-set the session cookie in a filter and use
Cookie.setMaxAge(int) to make it persistent, like lembas did with GWT in his
initial post.
For plain Servlet API it could look like:
String sessionId = req.getSession().getId();
Cookie persistentSessionCookie = new Cookie("SESSIONID", sessionId);
persistentSessionCookie.setMaxAge(Integer.MAX_VALUE);
resp.addCookie(persistentSessionCookie);
2010/5/28 romesh soni <[email protected]>
> Hi Stephan,
> Is that possible that a client had closed the browser and opens a new
> browser and we can still identify the client using session cookies?
>
> Thanks
> Romesh
>
> On Thu, May 27, 2010 at 10:42 PM, Stephan Hartmann
> <[email protected]>wrote:
>
>> Keep in mind that sessions managed by the servlet container expire after a
>> specific time of inactivity on the server side, so if a user comes back
>> after a while with his old session cookie, he will still get a new session.
>> According to the servlet spec, you can obtain this value with
>> HttpSession.getMaxInactiveInterval() and change it with
>> HttpSession.setMaxInactiveInterval(int), with a value of -1 meaning never to
>> expire.
>>
>> Regards,
>> Stephan
>>
>>
>> 2010/5/27 lembas <[email protected]>
>>
>> thanks romesh. I was on vacation did not see your message. sorry for a
>>> late answer.
>>>
>>> I do not "use cookies for managing session". Google does. JESSIONID
>>> cookies is created on server by App Engine anyway. I just extend its
>>> expiration date.
>>> Is it possible to implement "remember me" functionality without
>>> cookies?
>>>
>>> On May 3, 11:22 am, romesh soni <[email protected]> wrote:
>>> > Hey Ikai, sorry I referred you by mistake.. My msg was for lembas
>>> >
>>> >
>>> >
>>> > On Mon, May 3, 2010 at 1:23 PM, romesh soni <[email protected]>
>>> wrote:
>>> > > Hi Ikai,
>>> >
>>> > > the way you are managing session is not good. actually you are using
>>> > > cookies for managing session, which is not a good thing.
>>> > > instead session management is done at server side, not client side.
>>> >
>>> > > On Mon, May 3, 2010 at 1:18 PM, Ikai L (Google) <[email protected]>
>>> wrote:
>>> >
>>> > >> I'm not sure how this mitigates use of the _ah_session records that
>>> are
>>> > >> created. Anytime you set an attribute, it will use this. If you're
>>> worried
>>> > >> about _ah_session getting out of control, a better way would be to
>>> use
>>> > >> Memcache for session data and associate it with a cookie. Stale,
>>> unused
>>> > >> session data will be automatically expired. The advantage of using
>>> the built
>>> > >> in sessions is that since they are backed by both Memcache and the
>>> > >> datastore, they're going to be less volatile.
>>> >
>>> > >> On Sun, May 2, 2010 at 8:46 AM, lembas <[email protected]> wrote:
>>> >
>>> > >>> I have couple of questions about session management. I use GWT+GAE.
>>> I
>>> > >>> do not want my _ah_sessions table to be out of control. I do not
>>> want
>>> > >>> to generate unnecessary sessions.
>>> >
>>> > >>> I have <sessions-enabled>true</sessions-enabled> in my appengine-
>>> > >>> web.xml.
>>> >
>>> > >>> 1.I have the following code at the beginning of my onModuleLoad()
>>> > >>> method, is it ok?
>>> > >>> String sessionid = Cookies.getCookie("JSESSIONID");
>>> > >>> if (sessionid != null) {
>>> > >>> Date now = new Date();
>>> > >>> Date expires = new Date(now.getTime() + (long) 1000 * 60 *
>>> 60 * 24
>>> > >>> *
>>> > >>> 365);
>>> > >>> Cookies.setCookie("JSESSIONID", sessionid, expires);
>>> > >>> }
>>> >
>>> > >>> 2.After the user sends his/her username&password to the server for
>>> the
>>> > >>> first time (i.e. with a new JSESSIONID cookie), I get that "user"
>>> > >>> object from database and if I have it, I save it using:
>>> > >>> getThreadLocalRequest().getSession().setAttribute("user", user);
>>> > >>> and send it to the client as a sign of a succesful login.
>>> >
>>> > >>> So next time client visits the site with the same JSESSIONID I can
>>> get
>>> > >>> the user object directly by:
>>> > >>> getThreadLocalRequest().getSession().getAttribute("user");
>>> >
>>> > >>> ---
>>> >
>>> > >>> Is it ok how I use the sesssion management? Is it true that every
>>> > >>> request comes with the same JSESSIONID (unless client deleted it
>>> > >>> deliberately), no new session is created on server and server do
>>> not
>>> > >>> need to access database to get the user object?
>>> >
>>> > >>> --
>>> > >>> You received this message because you are subscribed to the Google
>>> Groups
>>> > >>> "Google App Engine for Java" group.
>>> > >>> To post to this group, send email to
>>> > >>> [email protected].
>>> > >>> To unsubscribe from this group, send email to
>>> > >>> [email protected]<google-appengine-java%[email protected]>
>>> <google-appengine-java%[email protected]<google-appengine-java%[email protected]>
>>> >
>>> > >>> .
>>> > >>> For more options, visit this group at
>>> > >>>http://groups.google.com/group/google-appengine-java?hl=en.
>>> >
>>> > >> --
>>> > >> Ikai Lan
>>> > >> Developer Relations, Google App Engine
>>> > >> Twitter:http://twitter.com/ikai
>>> > >> Delicious:http://delicious.com/ikailan
>>> >
>>> > >> ----------------
>>> > >> Google App Engine links:
>>> > >> Blog:http://googleappengine.blogspot.com
>>> > >> Twitter:http://twitter.com/app_engine
>>> > >> Reddit:http://www.reddit.com/r/appengine
>>> >
>>> > >> --
>>> > >> You received this message because you are subscribed to the Google
>>> Groups
>>> > >> "Google App Engine for Java" group.
>>> > >> To post to this group, send email to
>>> > >> [email protected].
>>> > >> To unsubscribe from this group, send email to
>>> > >> [email protected]<google-appengine-java%[email protected]>
>>> <google-appengine-java%[email protected]<google-appengine-java%[email protected]>
>>> >
>>> > >> .
>>> > >> For more options, visit this group at
>>> > >>http://groups.google.com/group/google-appengine-java?hl=en.
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups "Google App Engine for Java" group.
>>> > To post to this group, send email to
>>> [email protected].
>>> > To unsubscribe from this group, send email to
>>> [email protected]<google-appengine-java%[email protected]>
>>> .
>>> > For more options, visit this group athttp://
>>> groups.google.com/group/google-appengine-java?hl=en.
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Google App Engine for Java" group.
>>> To post to this group, send email to
>>> [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected]<google-appengine-java%[email protected]>
>>> .
>>> For more options, visit this group at
>>> http://groups.google.com/group/google-appengine-java?hl=en.
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google App Engine for Java" group.
>> To post to this group, send email to
>> [email protected].
>> To unsubscribe from this group, send email to
>> [email protected]<google-appengine-java%[email protected]>
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/google-appengine-java?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine for Java" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected]<google-appengine-java%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/google-appengine-java?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
