The very first time I visit my service( register ), the servlet create a new session. and then, I visite other web site( such as www.yahoo.com ), and then go back to my service, the session still exists( session can be extracted from request object ), that is to say, the service still recognised me. But after I closed IE, and then visited the service again, the session extracted was null, the service did not recognised me any longer! I want the performance, that after you have registered within the service, whenever you visit it again, you will be recognized by the service. Who can tell me what should I do? Thanks in advance!
The cookie that is used to hold a sessionID only lives during one browser session - as a security measure. As bhart says, you have to write your own cookie with a longer lifespan in order to identify a user who comes back with a new browser session. There is a nice discussion in the Cookie JavaDocs. Bill
If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting.There is some method that allows you to check, if the cookies are enabled or not.
Originally posted by bhart nagpal: If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting.There is some method that allows you to check, if the cookies are enabled or not.
Will URL re-writing give you the facility of auto-login [ July 16, 2003: Message edited by: Ravish Kumar ]
"Thanks to Indian media who has over the period of time swiped out intellectual taste from mass Indian population." - Chetan Parekh
The advise about URL re-writing that can provide automatic login is incorrect. A session only lives for a short amount of time. I believe the default is an hour. The only way I know that you do what you want to do is if cookies are enabled on the client browser and you write a cookie. Any Java book that talks about servlets will talk about the session. I would encourage you to read about it. You will then understand how it works. It wasn't designed to be a long living session, if the person closes their browser, the session is over. Jay [ July 18, 2003: Message edited by: Jay Sissom ]
Yes, session life is settable, but the original problem had to do with the lifetime of the cookie containing the sessionID on the browser side. I suppose you could do "automatic login" without cookies IF you bookmarked a re-written URL that contained the login parameters. Bill
If the sessionID cookie survived beyond one browser session, it would create a security hole - anybody could fire up your browser, go to the last URL and resume your session if they did it within 30 minutes. Bill
We've gotta get close enough to that helmet to pull the choke on it's engine and flood his mind! Or, we could just read this tiny ad: