Milt Epstein wrote:
> On Sat, 15 Jan 2000, Kevin Jones wrote:
>
> > I'm with Milt here - you may see that when you restart the browser
> > you're now in a new session but (unless you've used persistent
> > cookies) that is to be expected. Do you see the session time out in
> > the servlet engine?
>
> That's a good way of putting it -- the fact that you have a new
> session when you restart your browser has nothing to do with whether
> or not the session has been invalidated on the server -- it's just
> that that old session is no longer accessible.
>
That is correct -- the session itself will not expire until the timeout interval
you set (with setMaxInactiveInterval()) passes.
>
> As to persistent cookies, I assume you're talking about the cookie
> that contains the session id. I'm not sure the earlier JSDK specs
> said much about that cookie, but I believe the newest spec (2.2) does
> cover it, including specifying what the name on the cookie has to be,
> and that it's age/expiration must be set so that the cookie is gone
> when the browser quits and is not persisted (I'm not 100% sure about
> that latter part, but I think I remember hearing it).
>
This is also correct.
>
> Of course, if sessions are being handled via URL rewriting, that's a
> whole different story, and I'm not as clear on that.
>
It's here that you can actually see that the original statement ("the session
expires when the browser is closed") was incorrect. Let's say you do the
following:
* Access a page within a session. The current location
will have an encoded session id in it.
* Save a bookmark to this page (which will include the
encoded session id).
* Exit the browser.
* Restart the browser.
* Return to the bookmarked page.
As long as you do these steps within the timeout period, the user will return to
the session they were previously in -- even though they closed and restarted
their browser.
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
