tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: Where to find session cookies
Date Thu, 28 Jun 2007 17:42:39 GMT
Every1 is right... just that the original op was having a little difficulty 
with the concept.
Need to read the whole thread to make sense of it...

----- Original Message ----- 
From: "Christopher Schultz" <chris@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, June 28, 2007 3:13 PM
Subject: Re: Where to find session cookies


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Johnny,
>
> Johnny Kewl wrote:
>> I think they actually referring to Session cookies, and making Tomcat
>>  never timeout a session.
>
> TC will eventually timeout a session unless it is still in use. Just
> because the cookie has no expiration doesn't mean that the session has
> no expiration.
>
> If the session is in use, there's no sense in expiring it. If you have
> many in-use sessions and you run out of memory, then you haven't done
> your capacity planning properly.
>
>> So I think that if attributes and session beans never ever die, they
>> will eventually amass a major amount of memory...
>
> "Session beans" aren't necessarily tied to a user's session in the
> servlet API sense. If you mean "beans in the session", see above...
>
>> in the ops first question he was asking about session timeouts... and
>> making them last forever.
>
> I must have totally missed that. I'll bet there's no way to make a
> session last forever.
>
> A "don't log me out, ever" setting on a webapp usually works outside of
> the session management provided by the container, but also works with
> it. The browser sends a "keep me logged-in" cookie to the server, and if
> the user is not currently logged-in, you perform an "automatic login"
> which does not require credentials but still gives you a session.
>
> This gives the user the illusion of a session that never expires but, of
> course, the session /does/ expire so that the server doesn't explode
> with non-expiring sessions.
>
> If app servers kept sessions indefinitely, they would crash every day :(
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGg7P39CaO5/Lv0PARAiolAJ487UXXyHzyGVP4CCqFmUQ/hE9ARwCeMX5T
> hQgKjZOHiXjNIqbKHpVulaY=
> =zJiM
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message