JSESSIONID cookie is pushed to clients when a new session is requested via HttpRequest.getSession (or <%@page session="true" %>) is used. The cookie always has a lifetime of zero, which means that it will be destroyed when the browser is closed. On the server, Tomcat maintains a last activity timestamp with the session data--which it uses to determine if a session has timed out. If a session has timed out when a request comes in, the browser is issued a new JSESSIONID cookie (and the old one is destroyed).
However, I don't know what happens to the persistence of the JSESSIONID cookie when sessions are configured to never timeout on the server. An easy way to check would be to configure sessions to never time out, have one page to set a session variable, have another page display that session variable. Visit the set var page, visit the show var page, close the browser, visit the show var page again. If the cookie was destroyed when the browser was closed, the second visit to the show var page would reveal that. If that happens to be the case, you should handle the persistence between browser sessions yourself.
The other thing to consider is whether or not you really want permanent sessions. Because we are reaching the point where sessions surviving restarts and server failures is starting to become the norm with Tomcat's persistent sessions (rather than the exception), session data will never get cleared out unless sessions are explicitly invalidated--leading to a lot of server-side clutter. That is, restarting Tomcat used to be a way of clearing out stale session data which never timed out. Because sessions can now (rather easily) be preserved in Tomcat, stale session data from permanent sessions may become an issue.
Do it yourself... If you want some data to persist between sessions, I recommend that you store the data in a separate cookie and manage it yourself. Don't use sessions just because they are convenient.
At 17:35 2003-02-04 -0500, you wrote:
Thanks for the response. I believe that just controls the timeout of the session on the server, and maybe the timeout of the cookies. To be more specific, I am asking about the timeout of the jsessionid cookie on the client. Is it possible to control these separately, i.e., set session-timeout to 30 minutes, but make the jsessionid cookie expire when the browser is closed, or alternatively, make the cookie expire in 30 minutes, so the user could close his browser, and come back to the app later and still maintain his session.The difference between the types of cookies I am talking about I think are actually called "browser-session cookies", which means that the browser keeps the cookies in memory for the life of the browser, or in the second case, writes them to disk for retrieval later. Ian. -----Original Message----- From: Sean Dockery [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 5:29 PM To: Tomcat Users List Subject: Re: Sessions across browser restarts In your web.xml file, add the following block: <webapp> ... <!-- Define the default session timeout for your application, in minutes. From a servlet or JSP page, you can modify the timeout for a particular session dynamically by using HttpSession.setMaxInactiveInterval(). --> <session-config> <session-timeout>30</session-timeout> <!-- session times out after 30 minutes --> </session-config> ... </webapp> As indicated in the comments, check the documentation for HttpSession.setMaxInactiveInterval. The documentation states that a negative value indicates that the session does not timeout (though according to BEA WebLogic documentation, -2 means to use the session descriptor declared in the weblogic.xml (aka server.xml) file. At 14:09 2003-02-04, you wrote: >In Tomcat 4.0, is it possible to configure if a session is lost when the >browser window is closed, or if the user's session persists across browser >restarts? > >In some other languages, it was possible to take the session cookies and set >their timeout to a value of 0 or -1 and this would make the cookies get >cleared when the browser window was closed. How do you configure this in >Tomcat? > >Ian. Sean Dockery [EMAIL PROTECTED] Certified Java Web Component Developer Certified Delphi Programmer SBD Consultants http://www.sbdconsultants.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Sean Dockery [EMAIL PROTECTED] Certified Java Web Component Developer Certified Delphi Programmer SBD Consultants http://www.sbdconsultants.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
