Craig!
You will love this...
I had been "unsure" about your response to my original query simply because it
looked as if it didn't behave the way you had described it. I finally noticed
the culprit in my environment!
Although I was closing the browser and invoking it again (Netscape), I had
Messenger running ALL ALONG, since this is what I use as a default mail
service! I observed that that program really is part of the netscape.exe
application... wow! IF Messenger stayed on, then closing and reinvoking the
browser would not have the expected effect of terminating the session...
Jean
Rajendra Mishra wrote:
> Hi Craig,
> Is this also true for any other cookies which we may write from the
> servlet? For exp, i have a servlet which writes a cookie. then through
> another servlet, this cookie is changed. However, this cokie is not saved in
> the file till the browser is closed(netscape only). The cookie-values which
> are passed to the server are the ones which were saved before the browser
> was opened(IE as well as Netscape) and not the new one.
> How can we update the cookies so that the new values are passed without
> killing the session?
> Raaj.
>
> ----- Original Message -----
> From: Craig R. McClanahan <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 21, 1999 8:30 PM
> Subject: Re: Expiry of session
>
> > Jean Bresse wrote:
> >
> > > Hi:
> > >
> > > I know that a session can be destroyed by invoking the invalidate()
> > > method. It can also be destroyed once a certain time has passed,
> > > usually 30 minutes. The problem is as follow:
> > >
> > > 1) User A starts a session, then closes his/her browser.
> > >
> > > 2) User B starts the invokes the same browser.
> > >
> > > Our environment wants to treat user B as a user with no session (for
> > > example, the user is prompted to log on, and only THEN a session is
> > > instantiated). Is there a way for the server to destroy the session
> > > upon the user closing the browser?
> > >
> > > If this is the right way to approach the problem, suggestions for
> > > solution are most welcome! If any of the above is incorrect, your input
> > > is even more appreciated!
> > >
> >
> > Most servlet containers configure their session ID cookies with the age
> value
> > that says "this cookie expires when the browser is closed" for precisely
> this
> > reason. In Java, you do this by calling Cookie.setMaxAge() with a
> negative
> > argument. Therefore, as soon as user A closes the browser (or it crashes
> on
> > them :-) and user B starts it, all the session cookies are gone.
> >
> > As a side effect (for Netscape at least) this setting causes the cookie to
> > never be written out to the cookies.txt file, since there is no reason to
> save
> > it. This reduces the risk of someone being able to snoop your hard disk,
> swipe
> > your session ID, and impersonate you.
> >
> > >
> > > Jean Bresse
> > >
> >
> > Craig McClanahan
> >
> >
> ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
