I am still I guess a bit confused about what a session is.
The Servlet docs say "The server can maintain a session either by using
cookies or by rewriting URLs."
Is that for me to choose ? Or does that simply vary from engine to engine ?
And if it uses cookies, is that still hidden from me ? Do I treat it simply
as a Session and not worry about the implementation ? Or does that actually
mean "with this engine you are forced to do it yourself with cookies"
When I try and get my head round how a non-cookie session persists, all I
can think is that the server remembers the IP address or similar and if a
user at the same IP address comes back within a certain period, it's
regarded as the same session.
Unless
- a preagreed time period elapses
- the servlet chooses to invalidate the session
But if this was true it wouldn't matter a fig if the user visited 10 other
pages on other sites in the meantime, as long as they came back within the
timeout period, with the same IP address.
Or is the URL of the page from which the visitor linked to the servlet
somehow part of the story too ?
Relying on the timeout period worries me a bit, as a legit (but slow
reading) visitor could lose their session through inactivity, while a
subsequent user in an internet cafe could use the session of a legit user
who has walked off. I guess that's why "logging out" is so important on
some pages.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
