tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: How to set session properties in Tomact
Date Thu, 28 Sep 2000 17:27:15 GMT
sanjeev c joshi wrote:

> Hi,
> I want to know how to set the  various session properites in  Tomcat.
> The web.xml  talks about only  session-timeout. But I want to set some
> more parameters like  maxage,
> secure,sessionpath,domain,comment...........etc, which  are  very
> critical.

Servlet containers set the maximum age to "delete when the browser is
closed".  This is a good thing, because it means the browser won't bother
to write the session ID cookie out to disk where it can be snooped easily.

Likewise, the servlet container will set the domain and path to point back
at the same server and webapp that sent the cookie in the first place.
You don't need to worry about it.

> -----------existing  web.xml----------------
>  <session-config>
>         <session-timeout>
>             30
>         </session-timeout>
>     </session-config>
> --------------------------------------------
> Any quick help , I would be really grateful........

It's also important to note that cookies are *not* the only way to
maintain sessions.  Any additional configuration that is cookie specific
would not be generally useful.

The whole idea of container-managed sessions is that *how* they are
maintained should be totally transparent to your application, and should
be portable across servlet containers.

> Thanks in advance.
> regards
> --Joshi

Craig McClanahan

See you at ApacheCon Europe <>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

View raw message