Win a copy of OCP Oracle Certified Professional Java SE 11 Developer Practice Tests this week in the OCP forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Ron McLeod
  • Tim Cooke
Sheriffs:
  • Devaka Cooray
  • paul wheaton
  • Mark Herschberg
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Frits Walraven
  • Jj Roberts
Bartenders:
  • Carey Brown
  • salvin francis
  • Piet Souris

session vanishes after IE closed???

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The very first time I visit my service( register ), the servlet create a new session.
and then, I visite other web site( such as www.yahoo.com ), and then go back to my service, the session still exists( session can be extracted from request object ), that is to say, the service still recognised me.
But after I closed IE, and then visited the service again, the session extracted was null, the service did not recognised me any longer!
I want the performance, that after you have registered within the service, whenever you visit it again, you will be recognized by the service. Who can tell me what should I do?
Thanks in advance!
 
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
you can use write some information on client's machine at some temporary location. you can use cookies for this. When I visit JavaRanch, I don't have to sign in again n again and it automatically reads info from my machine.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The cookie that is used to hold a sessionID only lives during one browser session - as a security measure. As bhart says, you have to write your own cookie with a longer lifespan in order to identify a user who comes back with a new browser session. There is a nice discussion in the Cookie JavaDocs.
Bill
 
wei wu
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a lot!
But some people may choose to enable Coocies, some people may disable! As to people who disable Coocies, How can they log in Javaranch automatically???
 
bharat nagpal
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting.There is some method that allows you to check, if the cookies are enabled or not.
 
Ranch Hand
Posts: 5397
1
Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by bhart nagpal:
If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting.There is some method that allows you to check, if the cookies are enabled or not.


Will URL re-writing give you the facility of auto-login
[ July 16, 2003: Message edited by: Ravish Kumar ]
 
bharat nagpal
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
yup . you are write, without writing anything on client , I won't be able to log in automatically.
But normal session tracking can be done with url rewriting.
 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The advise about URL re-writing that can provide automatic login is incorrect.
A session only lives for a short amount of time. I believe the default is an hour.
The only way I know that you do what you want to do is if cookies are enabled on the client browser and you write a cookie.
Any Java book that talks about servlets will talk about the session. I would encourage you to read about it. You will then understand how it works. It wasn't designed to be a long living session, if the person closes their browser, the session is over.
Jay
[ July 18, 2003: Message edited by: Jay Sissom ]
 
Ranch Hand
Posts: 1056
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Isn't the seesion timeout settable, both via web.xml and via the method HttpSession.setMaxInactiveInterval() ?
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, session life is settable, but the original problem had to do with the lifetime of the cookie containing the sessionID on the browser side.
I suppose you could do "automatic login" without cookies IF you bookmarked a re-written URL that contained the login parameters.
Bill
 
Ron Newman
Ranch Hand
Posts: 1056
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I had expected that the cookie lifetime would match the session lifetime; I'm surprised that it doesn't.
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If the sessionID cookie survived beyond one browser session, it would create a security hole - anybody could fire up your browser, go to the last URL and resume your session if they did it within 30 minutes.
Bill
 
We've gotta get close enough to that helmet to pull the choke on it's engine and flood his mind! Or, we could just read this tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic