For the application in question, the following configuration is being used
for the webapp's session:


On Thursday, August 19, 2010 at 1:00:20 PM, for example, the web browser
navigates to the application and gets the session cookie; the cookie has an
expiry date of Thursday, August 19, 2010 1:30:20 PM. (If cookie-max-age were
not set, the cookie would instead show that it will expire at the end of the
session.)   The user is never idle, making regular requests thus keeping the
session on the server alive.  However the timestamp on the JSESSIONID cookie
in the browser never changes; it remains set to Thursday, August 19, 2010
1:30:20 PM.  At 1:30:20 PM, the cookie expires, the browser discards it and
no longer sends the session cookie info with its requests and the connection
to the session is lost; the user has to log back in again.

This has been seen in resin 2 and resin 3. So the question is:

When setting cookie-max-age in an app's session-config, should we be seeing
the expiry date for the session cookie in the browser update when the
browser sends a request and receives a new response from the server or is
what is described above the expected behavior?

Sorry for the long example there...

-----Original Message-----
[] On Behalf Of Alex
Sent: Thursday, August 19, 2010 12:37 PM
To: General Discussion for the Resin application server
Subject: Re: [Resin-interest] Cookie lifetime

> > For the persistent session, the timeout is based on access time. So each
new request resets the timer for the default 30min.
> Is he referring to the actual session object on the server or the session
cookie in the browser?  Yes, each new request does reset the timer on the
session object on the server, but we are not seeing the expiry date on the
cookie being updated.

It's a session cookie, and as long as it expires on the server the contract
established via the cookie becomes invalid as soon as the server 'thinks'
cookie is no longer valid.


> I have tested this on a server using IE8, Firefox 3.6, and the latest
Chrome build with Resin running solo and with Apache running as the front
end, and the results are the same in all browsers.
> When setting cookie-max-age in the session-config for the web app, the
expiry date/time for the session's persistent cookie does not change on
subsequent requests. I also verified that this behavior is exhibited.
> _______________________________________________
> resin-interest mailing list

resin-interest mailing list

resin-interest mailing list

Reply via email to