Re: [Resin-interest] Cookie lifetime
Scott, any insight? Comment from our engineer below. This is resin 3.0 if it makes a difference. For the persistent session, the timeout is based on access time. So each new request resets the timer for the default 30min. Is he referring to the actual session object on the server or the session cookie in the browser? Yes, each new request does reset the timer on the session object on the server, but we are not seeing the expiry date on the cookie being updated. I have tested this on a server using IE8, Firefox 3.6, and the latest Chrome build with Resin running solo and with Apache running as the front end, and the results are the same in all browsers. When setting cookie-max-age in the session-config for the web app, the expiry date/time for the session's persistent cookie does not change on subsequent requests. I also verified that this behavior is exhibited. ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] Cookie lifetime
For the persistent session, the timeout is based on access time. So each new request resets the timer for the default 30min. Is he referring to the actual session object on the server or the session cookie in the browser? Yes, each new request does reset the timer on the session object on the server, but we are not seeing the expiry date on the cookie being updated. It's a session cookie, and as long as it expires on the server the contract established via the cookie becomes invalid as soon as the server 'thinks' cookie is no longer valid. Alex I have tested this on a server using IE8, Firefox 3.6, and the latest Chrome build with Resin running solo and with Apache running as the front end, and the results are the same in all browsers. When setting cookie-max-age in the session-config for the web app, the expiry date/time for the session’s persistent cookie does not change on subsequent requests. I also verified that this behavior is exhibited. ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
[Resin-interest] Cookie lifetime
Where is the standard for persistent-cookie lifetimes? Do they expire based on the time of first creation or does the cookie expiration time update to a new value on each page request? Thanks, ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] Cookie lifetime
Tom Hintz wrote: Where is the standard for persistent-cookie lifetimes? Do they expire based on the time of first creation or does the cookie expiration time update to a new value on each page request? Thanks, The cookie itself is controlled by the browser. Resin by default doesn't set the cookie's max-age header, so it's really what the browser wants to do. For the persistent session, the timeout is based on access time. So each new request resets the timer for the default 30min. -- Scott ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
[Resin-interest] Cookie lifetime
Comment from our engineer below. This is resin 3.0 if it makes a difference. For the persistent session, the timeout is based on access time. So each new request resets the timer for the default 30min. Is he referring to the actual session object on the server or the session cookie in the browser? Yes, each new request does reset the timer on the session object on the server, but we are not seeing the expiry date on the cookie being updated. I have tested this on a server using IE8, Firefox 3.6, and the latest Chrome build with Resin running solo and with Apache running as the front end, and the results are the same in all browsers. When setting cookie-max-age in the session-config for the web app, the expiry date/time for the session's persistent cookie does not change on subsequent requests. I also verified that this behavior is exhibited. ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
