Hi Craig,
    Is this also true for any other cookies which we may write from the
servlet? For example, I have a servlet which writes a cookie. Then through
another servlet, this cookie is changed. However, this cookie is not saved in
the file till the browser is closed (Netscape only). The cookie values which
are passed to the server are the ones which were saved before the browser
was opened (IE as well as Netscape) and not the new ones.
    How can we update the cookies so that the new values are passed without
killing the session?
Raaj.


----- Original Message -----
From: Craig R. McClanahan <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 21, 1999 8:30 PM
Subject: Re: Expiry of session


> Jean Bresse wrote:
>
> > Hi:
> >
> > I know that a session can be destroyed by invoking the invalidate()
> > method.  It can also be destroyed once a certain time has passed,
> > usually 30 minutes.  The problem is as follows:
> >
> > 1) User A starts a session, then closes his/her browser.
> >
> > 2) User B invokes the same browser.
> >
> > Our environment wants to treat user B as a user with no session (for
> > example, the user is prompted to log on, and only THEN a session is
> > instantiated).  Is there a way for the server to destroy the session
> > upon the user closing the browser?
> >
> > If this is the right way to approach the problem, suggestions for
> > solution are most welcome!  If any of the above is incorrect, your input
> > is even more appreciated!
> >
>
> Most servlet containers configure their session ID cookies with the age
> value that says "this cookie expires when the browser is closed" for
> precisely this reason.  In Java, you do this by calling Cookie.setMaxAge()
> with a negative argument.  Therefore, as soon as user A closes the browser
> (or it crashes on them :-) and user B starts it, all the session cookies
> are gone.
>
> As a side effect (for Netscape at least) this setting causes the cookie to
> never be written out to the cookies.txt file, since there is no reason to
> save it.  This reduces the risk of someone being able to snoop your hard
> disk, swipe your session ID, and impersonate you.
>
> >
> > Jean Bresse
> >
>
> Craig McClanahan
>
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
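
Added example, not code from the original thread: a servlet filter that applies the setting Craig describes to application cookies carrying session state, resetting any positive max age to -1 so the browser keeps them in memory only. The class name and cookie names are hypothetical; the container's own session ID cookie is typically issued by the container itself rather than through addCookie(), so it is configured there.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Hypothetical filter: keeps session-bearing cookies out of the browser's cookie file. */
public class SessionCookieFilter implements Filter {

    // Assumed names of application cookies that act as session credentials.
    private static final Set<String> SESSION_COOKIES = Set.of("authToken", "cartSession");

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        // Every servlet behind this filter writes its cookies through the wrapper.
        chain.doFilter(req, new HttpServletResponseWrapper(http) {
            @Override
            public void addCookie(Cookie cookie) {
                // A positive max age makes the cookie persistent (written to disk).
                // Zero is left alone: it is how a servlet deletes a cookie.
                if (SESSION_COOKIES.contains(cookie.getName()) && cookie.getMaxAge() > 0) {
                    // Negative max age: the cookie is discarded when the browser exits.
                    cookie.setMaxAge(-1);
                }
                super.addCookie(cookie);
            }
        });
    }
}
```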
