Re: problem with HttpSession

Craig R. McClanahan Mon, 3 May 1999 11:14:31 -0700
Hans Bergsten wrote:

> "Craig R. McClanahan" wrote:
> >
> > "Lame, John" wrote:
> >
> > > [snip]
> > > In any case, I'm now wondering if there is a way to extend the lifetime of
> > > a session.  I really only want the session_id to be stored in the
> > > cookies.txt file on the client machine for about a month.  I stopped
> > > using cookies and started using sessions because sessions seemed
> > > much more elegant.  I'm disappointed that I don't seem to have any
> > > control whatsoever over the expiration date.
> > >
> > > John
> > >
> >
> > For servlet engines based on the 2.0 API, whether or not you can control the
> > lifetime of the session id cookie is specific to each servlet engine.  Look in
> > the configuration parameter options for your engine for something that lets
> > you set the "cookie timeout" or some such name.
> >
> > In servlet engines based on the 2.1 API, you can set the timeout yourself, on
> > a per-session basis, with HttpSession.setMaxInactiveInterval().  What you are
> > setting is the number of seconds that the servlet engine will wait for another
> > access, before invalidating the session -- the absolute expiration time is
> > updated each time the cookie is sent.  As a side effect, though, the cookie
> > will be stored on the client side.
>
> Is the "side effect" really true? My interpretation of the spec is that
> the only thing you change with setMaxInactiveInterval is the time-out
> value for the servlet engine; the session ID cookie is as before, i.e. just
> kept for the length of the client session (stored in client memory as
> opposed to permanent storage). Have I missed something?
>
> --
> Hans Bergsten           [EMAIL PROTECTED]
> Gefion Software         http://www.gefionsoftware.com
>

You're right, of course ... I was confusing the two effects.  Even in a 2.1 servlet
engine, you will need to use a configuration parameter to control the timeout of
the session id cookie, if and only if the servlet engine allows you to do so.

Craig

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
Re: problem with HttpSession

Reply via email to
