Forums Register Login

How to set JSESSIONID's maxAge?

+Pie Number of slices to send: Send
Hi ranchers,

I want to make the JSESSIONID cookie to stay alive after the brower shuts down.
I think I should invoke the JSESSIONID's setMaxAge(time), but how can I do it?
The session and JSESSIONID cookie are generated automatically by getSession(), I just cannot setMaxAge BEFORE add the cookie.

Thank you for your light on it in advance.
William
+Pie Number of slices to send: Send
Cookie cookie = new Cookie("username", name) ;
cookie.setMaxAge(30*60);
res.addCookie(cookie);
+Pie Number of slices to send: Send
No, Max, I wanna set the JSESSIONID's maxAge.
The JSESSIONID cookie is generated automatically, so i don't know how to set it.

Thankyou.
+Pie Number of slices to send: Send
What's the use of keeping the JSESSIONID if the session if actually destroyed after shutdown ? Keeping the cookie alive will not persist the session.
Maybe you should check your container's documentation about session persistence (Tomcat serializes the session by default)
+Pie Number of slices to send: Send
Hi Satou,
What i want to do is to guarantee that:
When the client shuts down his browser (and before the session expires), he comes back, opens his browser, and visits the server, the server(keeping the session) could recognize him by his JSESSIONID cookie.
I want the client's browser to keep the JSESSIONID cookie even if the browser shuts down. I dont know how.

OR you mean:
Session is only available when the browser is ON, when the browser shuts down this session is not available any longer, although on the server the session object may still be alive?

Thank you,
William.
[ November 14, 2006: Message edited by: William Yan ]
+Pie Number of slices to send: Send
What I mean is that the JSESSIONID is just an ID used by the server to retrieve the session. Even if you keep the JSESSIONID cookie, the container may destroy the session on shutdown. So you get the cookie back, but it refers to nothing.
What you want to do is called session persistence. It's container specific, so you should refer to your container's doc to know how to do it. You should not mess with the JSESSIONID cookie

http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html
+Pie Number of slices to send: Send
OK Satou,
I will refer to the doc, and I still have something confused,
I'd like to ask new question later.
Thank you all the same.
+Pie Number of slices to send: Send
Hi Satou,

I mean when the session has not expired, but the client shuts down the BROWSER, the cookie will be lost. How can I keep it alive because the session is STILL alive on the SERVER.

If that is not clear, please see my story,
I put session.setMaxInactiveInterval(3 * 60); in my servlet.
That means if the client don't visit the server again in 3 mins, the session will be abandoned on the server. YES?

First, i start Tomcat and visit the servlet, a session is generated and I get the JSESSIONID cookie in my browser. And if I revisit the server(don't shut down my browser) in 3 mins, the server will recognize me. All is right.

Second, i copy the JSESSIONID number and shut down my browser, revisit the server, then the server cannot recognize me because my JSESSIONID has been lost in the browser.

Third, i put ";jsessionid=123..456" at the end of the address(the number is copied in step 2) and visit the server. The server can recognize me(the 3 mins' session has not expired)! That means the session is still there on the server, but i cannot find the JSESSIONID cookie since i shut down my browser.

I just wanna keep the JSESSEIONID cookie ALIVE, because the session has not expired, EVEN IF the BROWSER is shut down and restarted.

Could you please drop me a light on it?
Thank you.
+Pie Number of slices to send: Send
Thank you Vivek, I will try.
+Pie Number of slices to send: Send
Unfortunately that will not help much .. you would have to do a lot of work after that too ....like creating the new session object from the attributes of the old one ...

I deleted my post when i realized this , but not before you had read it ....

btw , try this... just create a new cookie JSESSIONID with the value of the session id retrieved from the other cookie
+Pie Number of slices to send: Send
Hi Vivek,
I think it will work(use another cookie to store session id, and maintain a map keeping cookie-session pair).

But where should i maintain the map is another question, and may it be a little too complicated?

So the final question is, "Is there any simple way to let the browser keep the cookie, so that the client could be recognized by the server as long as the session is not expired whatever he shut down the browser or not? "
+Pie Number of slices to send: Send
 

I think it will work(use another cookie to store session id, and maintain a map keeping cookie-session pair).



But when user will make a new request after opening browser again, the server will start a new session for him(a new HttpSession Object will be created). So even though we know what was the session id of his previous session how can we enforce container to give us same session object ?
+Pie Number of slices to send: Send
To maintain the Map .... you can use a HttpSessionListener

add an entry to the map when sessionCreated is called
and remove the entry from the map when sessionDestroyed is called on the session expiry .....

HTH
+Pie Number of slices to send: Send
Hi William,

Try this code


When I ran it for first time , I got two JSESSIONID cookies , one with max age as -1 and the other with max age as 5 min. Also ses.isNew() was true

Tnen I shut down the browser and lauched it again . I saw that I had only one cookie , the one with max age as 5 min . The other was deleted by the browser . When I hit the web app again , I got the same session back , ses.isNew() was false

Hope this will resolve your problem
+Pie Number of slices to send: Send
Nice Solution Vivek

But when user will make a new request after opening browser again, the server will start a new session for him(a new HttpSession Object will be created). So even though we know what was the session id of his previous session how can we enforce container to give us same session object ?



I was thinking that we are talking about storing session id in a different cookie. Well just for curiosity: Is it possible that we store session id in a different cookie and still get the same session?
+Pie Number of slices to send: Send
Well if we store it in a diferrent cookie , a new session will be created ...
thats why we need to use JSESSIONID cookie
+Pie Number of slices to send: Send
Thank you, really appreciate for your replys.
+Pie Number of slices to send: Send
No, Max, I wanna set the JSESSIONID's maxAge

the session cookie gets destoryed as soon as the user closes his browser window or quits the session.this is the defauilt behavioir of the seesion cookie.

i dont think you can override this behaviour
may we can TRY to do so by saying



will this work ?
+Pie Number of slices to send: Send
Hi Niranjan,
When the client visit the servlet for the first time, and shuts down his browser, the session cookie will be lost. How can we get that cookie again, and set it?
+Pie Number of slices to send: Send
hmm...that was a good catch.

in that case vivek's code should work, as it has a USER DEFIED COOKIE that
is a session cookie in disguise.

Cookie cookie = new Cookie("JSESSIONID", ses.getId());
+Pie Number of slices to send: Send


I have a doubt reagrds this code. Will it really set the max age of cookie at client side too. or we will need to send it again to browser (using response.addCookie()). If we need to send it again then this would be exactly what Vivek is doing.

Please correct me if I am wrong.
+Pie Number of slices to send: Send
I know this is an old question, but if anyone else is looking for this information:

In Servlet 3.0, this can simply be specified in the web.xml:
Space seems cool in the movies, but once you get out there, it is super boring. Now for a fascinating tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 15137 times.
Similar Threads
Problem related to cookies
Do Session get invalidated when we close the browser
cookie explanation
cookies
Problem in Servlet Session
Why session destroyed when browser closed
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 23:24:58.