SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Lukas Smith wrote:
If you set session's timelife on -1, that session will live forever.
.
SCJP 5.0 SCWCD 5.0
In same chapter it is stated about cookies that:
"By default cookie lives only as long session. Once client quits the browser, cookie disappears."
Does that mean a session is destroyed when client quits the browser?
SCJP 5, SCWCD 5
"By default cookie lives only as long session. Once client quits the browser, cookie disappears."
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Lukas Smith wrote:avi please try to set session's timelife using method invocation from session's object.
SCJP 5.0 SCWCD 5.0
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Ankit Garg wrote:....how do you know that the session is destroyed when the browser is closed?? Did you create a SessionListener to see if the session is actually destroyed?? . ....
Thanks,
Chandan Kumar
SCJP 5 , SCWCD 5
Regards
Salil Verma
Ankit Garg wrote:Avi, how do you know that the session is destroyed when the browser is closed?? Did you create a SessionListener to see if the session is actually destroyed??
Why are you actually creating the reference a1?? You're not using it
SCJP 5.0 SCWCD 5.0
avi sinha wrote:if the session is null here then i can say that session was destroyed. am i right ???
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
if the session is null here then i can say that session was destroyed. am i right ???
Regards
Salil Verma
priya rishi wrote:hello chandan, check your browser cookies - enabled.
Thanks,
Chandan Kumar
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
SCJP 5.0 SCWCD 5.0
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Ankit Garg wrote:You can extract the JSESSIONID cookie from the request object (i.e. get the array of cookies and find the one with the name JSESSIONID) and then set its max age to a large value. This way it will persist even after browser restart. Generally you'll not need to use JSESSIONID cookie as there's generally no need to persist a session for infinite time. For sites that have a feature like "Keep me logged in for 2 weeks" etc, they set a different cookie on the client machine (which persists for 2 weeks) to identify the user. The session gets invalidated after some time but when a new request is sent to the site, the client is identified using the custom cookie and a new session is created for the client...
SCJP 5.0 SCWCD 5.0
For sites that have a feature like "Keep me logged in for 2 weeks" etc, they set a different cookie on the client machine (which persists for 2 weeks) to identify the user. The session gets invalidated after some time but when a new request is sent to the site, the client is identified using the custom cookie and a new session is created for the client...
Regards
Salil Verma
Salil Vverma wrote:Hey Ankit,
For sites that have a feature like "Keep me logged in for 2 weeks" etc, they set a different cookie on the client machine (which persists for 2 weeks) to identify the user. The session gets invalidated after some time but when a new request is sent to the site, the client is identified using the custom cookie and a new session is created for the client...
I believe, the client related information is stored in session not in cookie. Could you please explain how can an application identify a client just by cookie when the session is invalidated.
SCJP 5.0 SCWCD 5.0
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Lukas Smith wrote:We close the browser. We can assume that session and cookie are alive. We request the same URL. So is there any binding between URL and cookie?
SCJP 5.0 SCWCD 5.0
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
SCJP 5.0 SCWCD 5.0
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Regards
Salil Verma
Salil Vverma wrote:I think, that is how they set the max age of cookie and session, in those application, which gives user a functionality to keep logged in for user specific time like 2 weeks.
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Ankit Garg wrote:As I said earlier, if you set the maximum interval of the session to a value, that doesn't change the age of the cookie. The JSESSIONID cookie has the default age of -1 that is till the browser is open. You'll have to manually set the age of the JSESSIONID cookie to make it persist a browser restart...
Lukas Smith wrote:
I set:
c[0].setMaxAge(20*60); //c[0] is JSESSIONID cookie
And I saw in Firefox that JSESSIONID cookie is valid till the end of the session. I do not understand that.
Moreover I set the max inactive interval of the session: 20*60 and I set that Firefox will not delete any cookies.
After I close the browser - despite that facts - cookie is deleted and new session is created.
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Lukas Smith wrote:OK, I have solved the problem
![]()
After that there are two cookies in my browser. After reopening - there is the only one.
What do you think?
SCJP 5.0 SCWCD 5.0
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Lukas Smith wrote:After closing my browser the container uses the second cookie and everything works OK
SCJP 5.0 SCWCD 5.0
Ankit Garg wrote: I suppose this is container specific...
SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Consider Paul's rocket mass heater. |