>... these cookies are by default around for the lifetime of a browser
>window (session)
>and are only available to that one window...
the session cookie is also available to all child windows of the window
that establishes the session
>client... Problems arise when one has an application that can
>span multiple
>windows, as session cookies are only visible to the window in
>which they
>were created.
this is only a problem if the user opens up multiple windows themselves,
not if the application opens up multiple windows. Try the following:
Login to your application and go to a page that requires that you logged
in. from the file menu (IE) select new > window. Observe that the new
window is "logged in"
>
>If the container was to use persistent cookies to track the
>clients session
>instead of the in-memory session cookies, one would think
>multiple browser
>windows could participate in the same session...
>
>Is there some inherent problem with using persistent cookies
>for tracking a
>user session? I must be missing something, but I'm not sure what....
>
Using the session cookie leverages the servlet container's ability to
establish and track sessions. Setting persistent cookies has to be
handled yourself and while is not impossible, is cumbersome and
redundant. Nothing precludes you from setting your own persistent cookie
on Login and parsing the persistent cookies in a sessionvalidator for
every request that is made without a logged in user.
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
