• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to set JSESSIONID's maxAge?

 
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi ranchers,

I want to make the JSESSIONID cookie to stay alive after the brower shuts down.
I think I should invoke the JSESSIONID's setMaxAge(time), but how can I do it?
The session and JSESSIONID cookie are generated automatically by getSession(), I just cannot setMaxAge BEFORE add the cookie.

Thank you for your light on it in advance.
William
 
Ranch Hand
Posts: 563
Google Web Toolkit Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Cookie cookie = new Cookie("username", name) ;
cookie.setMaxAge(30*60);
res.addCookie(cookie);
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, Max, I wanna set the JSESSIONID's maxAge.
The JSESSIONID cookie is generated automatically, so i don't know how to set it.

Thankyou.
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What's the use of keeping the JSESSIONID if the session if actually destroyed after shutdown ? Keeping the cookie alive will not persist the session.
Maybe you should check your container's documentation about session persistence (Tomcat serializes the session by default)
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Satou,
What i want to do is to guarantee that:
When the client shuts down his browser (and before the session expires), he comes back, opens his browser, and visits the server, the server(keeping the session) could recognize him by his JSESSIONID cookie.
I want the client's browser to keep the JSESSIONID cookie even if the browser shuts down. I dont know how.

OR you mean:
Session is only available when the browser is ON, when the browser shuts down this session is not available any longer, although on the server the session object may still be alive?

Thank you,
William.
[ November 14, 2006: Message edited by: William Yan ]
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What I mean is that the JSESSIONID is just an ID used by the server to retrieve the session. Even if you keep the JSESSIONID cookie, the container may destroy the session on shutdown. So you get the cookie back, but it refers to nothing.
What you want to do is called session persistence. It's container specific, so you should refer to your container's doc to know how to do it. You should not mess with the JSESSIONID cookie

http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK Satou,
I will refer to the doc, and I still have something confused,
I'd like to ask new question later.
Thank you all the same.
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Satou,

I mean when the session has not expired, but the client shuts down the BROWSER, the cookie will be lost. How can I keep it alive because the session is STILL alive on the SERVER.

If that is not clear, please see my story,
I put session.setMaxInactiveInterval(3 * 60); in my servlet.
That means if the client don't visit the server again in 3 mins, the session will be abandoned on the server. YES?

First, i start Tomcat and visit the servlet, a session is generated and I get the JSESSIONID cookie in my browser. And if I revisit the server(don't shut down my browser) in 3 mins, the server will recognize me. All is right.

Second, i copy the JSESSIONID number and shut down my browser, revisit the server, then the server cannot recognize me because my JSESSIONID has been lost in the browser.

Third, i put ";jsessionid=123..456" at the end of the address(the number is copied in step 2) and visit the server. The server can recognize me(the 3 mins' session has not expired)! That means the session is still there on the server, but i cannot find the JSESSIONID cookie since i shut down my browser.

I just wanna keep the JSESSEIONID cookie ALIVE, because the session has not expired, EVEN IF the BROWSER is shut down and restarted.

Could you please drop me a light on it?
Thank you.
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you Vivek, I will try.
 
Ranch Hand
Posts: 245
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Unfortunately that will not help much .. you would have to do a lot of work after that too ....like creating the new session object from the attributes of the old one ...

I deleted my post when i realized this , but not before you had read it ....

btw , try this... just create a new cookie JSESSIONID with the value of the session id retrieved from the other cookie
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Vivek,
I think it will work(use another cookie to store session id, and maintain a map keeping cookie-session pair).

But where should i maintain the map is another question, and may it be a little too complicated?

So the final question is, "Is there any simple way to let the browser keep the cookie, so that the client could be recognized by the server as long as the session is not expired whatever he shut down the browser or not? "
 
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I think it will work(use another cookie to store session id, and maintain a map keeping cookie-session pair).



But when user will make a new request after opening browser again, the server will start a new session for him(a new HttpSession Object will be created). So even though we know what was the session id of his previous session how can we enforce container to give us same session object ?
 
Vikrant Pandit
Ranch Hand
Posts: 245
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To maintain the Map .... you can use a HttpSessionListener

add an entry to the map when sessionCreated is called
and remove the entry from the map when sessionDestroyed is called on the session expiry .....

HTH
 
Vikrant Pandit
Ranch Hand
Posts: 245
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi William,

Try this code


When I ran it for first time , I got two JSESSIONID cookies , one with max age as -1 and the other with max age as 5 min. Also ses.isNew() was true

Tnen I shut down the browser and lauched it again . I saw that I had only one cookie , the one with max age as 5 min . The other was deleted by the browser . When I hit the web app again , I got the same session back , ses.isNew() was false

Hope this will resolve your problem
 
Arvind Giri
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nice Solution Vivek

But when user will make a new request after opening browser again, the server will start a new session for him(a new HttpSession Object will be created). So even though we know what was the session id of his previous session how can we enforce container to give us same session object ?



I was thinking that we are talking about storing session id in a different cookie. Well just for curiosity: Is it possible that we store session id in a different cookie and still get the same session?
 
Vikrant Pandit
Ranch Hand
Posts: 245
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well if we store it in a diferrent cookie , a new session will be created ...
thats why we need to use JSESSIONID cookie
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you, really appreciate for your replys.
 
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, Max, I wanna set the JSESSIONID's maxAge

the session cookie gets destoryed as soon as the user closes his browser window or quits the session.this is the defauilt behavioir of the seesion cookie.

i dont think you can override this behaviour
may we can TRY to do so by saying



will this work ?
 
William Yan
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Niranjan,
When the client visit the servlet for the first time, and shuts down his browser, the session cookie will be lost. How can we get that cookie again, and set it?
 
Niranjan Deshpande
Ranch Hand
Posts: 1277
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hmm...that was a good catch.

in that case vivek's code should work, as it has a USER DEFIED COOKIE that
is a session cookie in disguise.

Cookie cookie = new Cookie("JSESSIONID", ses.getId());
 
Arvind Giri
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


I have a doubt reagrds this code. Will it really set the max age of cookie at client side too. or we will need to send it again to browser (using response.addCookie()). If we need to send it again then this would be exactly what Vivek is doing.

Please correct me if I am wrong.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I know this is an old question, but if anyone else is looking for this information:

In Servlet 3.0, this can simply be specified in the web.xml:
reply
    Bookmark Topic Watch Topic
  • New Topic