Rajendra Mishra wrote:
> Hi Craig,
> Is this also true for any other cookies which we may write from the
> servlet? For exp, i have a servlet which writes a cookie. then through
> another servlet, this cookie is changed. However, this cokie is not saved in
> the file till the browser is closed(netscape only). The cookie-values which
> are passed to the server are the ones which were saved before the browser
> was opened(IE as well as Netscape) and not the new one.
Are you sure your second servlet (the one that changed the cookie) really did
send it? To succeed, you would have needed to call response.addCookie() using
a cookie with the same name to do this.
If you want your cookie (either new or updated) to survive a restart of the
browser, you will need to set the maximum age to some positive value in the
future. The default maximum age value of -1 tells the browser to delete this
cookie when the browser is exited.
>
> How can we update the cookies so that the new values are passed without
> killing the session?
I do not see how anything you do with cookies has any impact on your sessions,
as long as you avoid using the cookie name being used by your servlet engine
for the session ID cookie (this should be identified in the documentation).
User cookies should have different names.
>
> Raaj.
>
Craig McClanahan
>
> ----- Original Message -----
> From: Craig R. McClanahan <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 21, 1999 8:30 PM
> Subject: Re: Expiry of session
>
> > Jean Bresse wrote:
> >
> > > Hi:
> > >
> > > I know that a session can be destroyed by invoking the invalidate()
> > > method. It can also be destroyed once a certain time has passed,
> > > usually 30 minutes. The problem is as follow:
> > >
> > > 1) User A starts a session, then closes his/her browser.
> > >
> > > 2) User B starts the invokes the same browser.
> > >
> > > Our environment wants to treat user B as a user with no session (for
> > > example, the user is prompted to log on, and only THEN a session is
> > > instantiated). Is there a way for the server to destroy the session
> > > upon the user closing the browser?
> > >
> > > If this is the right way to approach the problem, suggestions for
> > > solution are most welcome! If any of the above is incorrect, your input
> > > is even more appreciated!
> > >
> >
> > Most servlet containers configure their session ID cookies with the age
> value
> > that says "this cookie expires when the browser is closed" for precisely
> this
> > reason. In Java, you do this by calling Cookie.setMaxAge() with a
> negative
> > argument. Therefore, as soon as user A closes the browser (or it crashes
> on
> > them :-) and user B starts it, all the session cookies are gone.
> >
> > As a side effect (for Netscape at least) this setting causes the cookie to
> > never be written out to the cookies.txt file, since there is no reason to
> save
> > it. This reduces the risk of someone being able to snoop your hard disk,
> swipe
> > your session ID, and impersonate you.
> >
> > >
> > > Jean Bresse
> > >
> >
> > Craig McClanahan
> >
> >
> ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
