Bartsch Axel wrote:
> Hi Christopher,
>
> Thanks for your answer.
>
> Does that mean that the session object itself is always passed to all servlets also
>running across different JVMs and that no change at creating and using the session
>object is necessary? Is the session object therefore made Serializable?
>
The session object itself will generally (but not always) implement Serializable --
but you don't have to worry about that.
What you as an application developer need to ensure is that any session attributes you
create must implement Serializable (as must any instance variables that you maintain
within that class), so that the application server can copy them if
needed.
>
> Therefore if I would not store any objects in my session the session would work fine
>for authentication and session timeout
> purposes also across different JVMs?
> Only if I want to store objects I have to make them Serializable?
>
Anything that is stored in the session (when running a <distributable> application)
needs to be Serializable. That includes any objects you are storing there for
authentication or timeout purposes.
>
> I am using the cookie method to store the session Id. Do you know what is stored in
>the cookie:only the sessionId or also the timestamp of the latest click?
>
Details vary by servlet container, but the timestamp is probably not included (it is
definitely not included in Tomcat). The reason is that there is no need for the
client to know about that -- session timeout is a server side thing, and
happens even if the client goes away and never comes back.
Apache JServ and Tomcat have a limited form of "load balancing", where they randomly
distribute non-session requests among the various servers, but once you start a
session they leave you on a particular server for the remainder of that
session. To do this, the load balancing code adds a host identifier to the session
id, so that it knows where to direct subsequent requests for this session.
But all of this is platform specific -- an application cannot assume anything about
the internal contents of a session identifier.
>
> Axel Lannion/France
>
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
