"Craig R. McClanahan" wrote:
>
> "Lame, John" wrote:
>
> > [snip]
> > In any case, I'm now wondering if there is a way to extend the lifetime of
> > a session. I really only want the session_id to be stored in the
> > cookies.txt file on the client machine for about a month. I stopped
> > using cookies and started using sessions because sessions seemed
> > much more elegant. I'm disappointed that I don't seem to have any
> > control whatsoever over the expiration date.
> >
> > John
> >
>
> For servlet engines based on the 2.0 API, whether or not you can control the
> lifetime of the session id cookie is specific to each servlet engine. Look in
> the configuration parameter options for your engine for something that lets
> you set the "cookie timeout" or some such name.
>
> In servlet engines based on the 2.1 API, you can set the timeout yourself, on
> a per-session basis, with HttpSession.setMaxInactiveInterval(). What you are
> setting is the number of seconds that the servlet engine will wait for another
> access, before invalidating the session -- the absolute expiration time is
> updated each time the cookie is sent. As a side effect, though, the cookie
> will be stored on the client side.
Is the "side effect" really true? My interpretation of the spec is that
the only thing you change with setMaxInactiveInterval is the time-out
value for the servlet engine; the session ID cookie is as before, i.e. just
kept for the length of the client session (stored in client memory as
opposed to permanent storage). Have I missed something?
--
Hans Bergsten [EMAIL PROTECTED]
Gefion Software http://www.gefionsoftware.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
