tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Where to find session cookies
Date Thu, 28 Jun 2007 13:13:28 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johnny,

Johnny Kewl wrote:
> I think they actually referring to Session cookies, and making Tomcat
>  never timeout a session.

TC will eventually timeout a session unless it is still in use. Just
because the cookie has no expiration doesn't mean that the session has
no expiration.

If the session is in use, there's no sense in expiring it. If you have
many in-use sessions and you run out of memory, then you haven't done
your capacity planning properly.

> So I think that if attributes and session beans never ever die, they 
> will eventually amass a major amount of memory...

"Session beans" aren't necessarily tied to a user's session in the
servlet API sense. If you mean "beans in the session", see above...

> in the ops first question he was asking about session timeouts... and
> making them last forever.

I must have totally missed that. I'll bet there's no way to make a
session last forever.

A "don't log me out, ever" setting on a webapp usually works outside of
the session management provided by the container, but also works with
it. The browser sends a "keep me logged-in" cookie to the server, and if
the user is not currently logged-in, you perform an "automatic login"
which does not require credentials but still gives you a session.

This gives the user the illusion of a session that never expires but, of
course, the session /does/ expire so that the server doesn't explode
with non-expiring sessions.

If app servers kept sessions indefinitely, they would crash every day :(

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGg7P39CaO5/Lv0PARAiolAJ487UXXyHzyGVP4CCqFmUQ/hE9ARwCeMX5T
hQgKjZOHiXjNIqbKHpVulaY=
=zJiM
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message