cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus Heussen" <>
Subject RE: Session Handling: Unlimited Session duration
Date Thu, 22 Apr 2004 14:50:43 GMT
Thanks Upayavira for your hints :-) I will do it like you said.


> -----Original Message-----
> From: Upayavira
> Sent: Thursday, April 22, 2004 4:33 PM
> To:
> Subject: Re: Session Handling: Unlimited Session duration
> Markus Heussen wrote:
> >Hi!
> >
> >For my application I need an unlimited session. The users should
> never login
> >a second time if they once did it. I use the Cocoon
> authentication framework
> >to control the users access.
> >
> >How can I set an unlimited session duration even if the user closes his
> >browser? I tried it with
> cocoon.session.setMaxInactiveInterval(-1) within my
> >login function directly after the authentication. The Cocoon docs under
> >
t says "...
>A negative time indicates the session should never timeout.".
>But if I close my browser and reopen it I have to authenticate again. Why?
>Is there something to do in the servlet environment? Or must I force cookie
>session handling? And if yes, how can I do this?
There's a difference between 'timeout' of a session and 'loss'. Closing
and reopening the browser will always create a new session. That's just
how sessions work.

What I think you need to do is store a cookie on the client's browser,
and use that to log the user back in automatically when they come in
without a session.

I'm not sure of what the effect on memory is of switching the session
timeout off - your servlet container might then hold on to sessions
forever, and could run out of memory. I'd suggest you leave the session
timeout as is, and just use a persistent cookie to relog them in if the
session does die.

Regards, Upayavira

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message