-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The session holds information about a series of interactions between the user's browser and the site.
There's not any direct representation of this in the protocols being used, though. HTTP is designed to be a "stateless" protocol. So there has to be some magic happening "under the covers" to make it work. Basically there are two mechanisms for doing this - cookies and URL-rewriting. With cookies, the server sends a session cookie, containing a unique session id, to the browser, which the browser discards when it exits. As long as the browser is running on the user's workstation, all subsequent requests for pages from the same site get the session cookie sent with them. In the URL-rewriting case, all the URLs on the site are dynamically re-written to include the session id. When a page request comes to the server, it checks whether there's an accompanying session id (either as a cookie or in the URL). If not, it assumes this is a brand-new session, generates a new session id, and sends it to the browser. If a session id came with the request, the server resets an internal timer associated with the session. The session object can then keep track of information specific to a given user's visit to the site - not just a single page, but the whole visit. It can be used for lots of things - probably the most obvious and most common is the "shopping cart" for an e-commerce site. When the user chooses an item to purchase from the catalog, the information's stuffed into the session object. It stays there until they either check out or leave the site. Because HTTP is stateless, the server doesn't get any indication when the user just closes their browser (or types in a new URL, or chooses a bookmark, or any other way of leaving the site). We don't want these session objects to hang around forever, though. They take up resources on the server. The session timer indicates how long it's been since the last time a page request came in for that session. The session *timeout* is an upper bound on the session timer. If the session is unused for longer than the session timeout, the server assumes the user left the site, and throws away the session information. - -----Original Message----- From: Jesal Doshi [mailto:[EMAIL PROTECTED]] Sent: Saturday, June 01, 2002 1:39 AM To: Turbine Users List Subject: Re: Session Time Out property not working. Hi Ok so where does the session is used and how ? Regards Jesal Doshi - ----- Original Message ----- From: "Scott Brickner" <[EMAIL PROTECTED]> To: "'Turbine Users List'" <[EMAIL PROTECTED]> Sent: Friday, May 31, 2002 11:14 AM Subject: RE: Session Time Out property not working. > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hm. The session timeout isn't a time-limit on a session. It's a > time-limit on a session that's not actively being used. The timer > is reset every time the user's browser fetches another document > using the session. > > - -----Original Message----- > From: Jesal Doshi [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 31, 2002 9:25 AM > To: [EMAIL PROTECTED] > Subject: Session Time Out property not working. > > > Hi > > I am facing difficulty in setting the session time limit. > I have set the session time out to 30 in turbineResource.properties > file. > But it seems this is not been working as the session is not ending. > > Any one who have come across such issue and tried some solution to > resolve the same, please reply to this query. > > Thanks in advance. > > Regards > > Jesal > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > <http://www.pgp.com> > > iQA/AwUBPPe8q0pqmA4oA4kCEQJv3QCeJ8N58I4QxjQi5Fd5WdZZqwy5JuIAoOnI > OFfNP2lVumSMwk56IDs4NhHC > =M7kU > -----END PGP SIGNATURE----- > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > - -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBPPkV7EpqmA4oA4kCEQKD1wCgwMrmgmjONURQUiSnGjPuoQRaEPMAn03Q UZe+KoIgrCT1FyxdJH42/Kk7 =E2fR -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
