Thanks Upayavira for your hints :-) I will do it like you said. Markus
> -----Original Message----- > From: Upayavira > Sent: Thursday, April 22, 2004 4:33 PM > To: [EMAIL PROTECTED] > Subject: Re: Session Handling: Unlimited Session duration > > > Markus Heussen wrote: > > >Hi! > > > >For my application I need an unlimited session. The users should > never login > >a second time if they once did it. I use the Cocoon > authentication framework > >to control the users access. > > > >How can I set an unlimited session duration even if the user closes his > >browser? I tried it with > cocoon.session.setMaxInactiveInterval(-1) within my > >login function directly after the authentication. The Cocoon docs under > >http://cocoon.apache.org/2.1/userdocs/flow/api.html#Session+Objec t says "... >A negative time indicates the session should never timeout.". > >But if I close my browser and reopen it I have to authenticate again. Why? >Is there something to do in the servlet environment? Or must I force cookie >session handling? And if yes, how can I do this? > > There's a difference between 'timeout' of a session and 'loss'. Closing and reopening the browser will always create a new session. That's just how sessions work. What I think you need to do is store a cookie on the client's browser, and use that to log the user back in automatically when they come in without a session. I'm not sure of what the effect on memory is of switching the session timeout off - your servlet container might then hold on to sessions forever, and could run out of memory. I'd suggest you leave the session timeout as is, and just use a persistent cookie to relog them in if the session does die. Regards, Upayavira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
