-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------
TIS Official wrote:
>
> The web server can truely never 'see' that it is the same person who closed
> the browser and opened a new one :). Every session id is associated with
> the browser instance and is unique. If the session expires or the browser
> is closed it is mandatory to make the session expire.
Well, the server doesn't necessarily have any way of telling that two
HTTP requests from the same IP address are from the same browser - HTTP
is officially stateless.
Session tracking in a servlet runner is normally achieved by using a
non-persistent cookie, i.e. one the browser doesn't save. So, if you
shut the browser, game over.
Many servlet runners also support session tracking in a cookie free
environment by adding a tag in the URL (don't know offhand if Apache
JServ does). This requires that any servlet writing out URL's wraps them
in a call to HttpServletResponse.encodeUrl() which will add the session
tag in the servlet runner's required format. If you bookmarked one of
these URL's and restarted the browser, you could use it again so long as
the session had not expired. The problem is that long-term bookmarking
doesn't always work with these types of URL's, as the servlet runner
ends up receiving a dud session token.
Dave
--
David Crooke, Austin TX, USA. +1 (512) 656 6102
"Open source software - with no walls and fences, who needs Windows
and Gates?"
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
