Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 4485 invoked from network); 28 Jun 2007 13:14:18 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Jun 2007 13:14:18 -0000 Received: (qmail 49485 invoked by uid 500); 28 Jun 2007 13:14:06 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 49466 invoked by uid 500); 28 Jun 2007 13:14:06 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 49455 invoked by uid 99); 28 Jun 2007 13:14:06 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Jun 2007 06:14:06 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [63.240.77.85] (HELO sccrmhc15.comcast.net) (63.240.77.85) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Jun 2007 06:14:02 -0700 Received: from [192.168.1.47] (c-68-50-0-179.hsd1.va.comcast.net[68.50.0.179]) by comcast.net (sccrmhc15) with ESMTP id <2007062813134001500j1foee>; Thu, 28 Jun 2007 13:13:41 +0000 Message-ID: <4683B3F8.3040406@christopherschultz.net> Date: Thu, 28 Jun 2007 09:13:28 -0400 From: Christopher Schultz User-Agent: Thunderbird 2.0.0.4 (Windows/20070604) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Where to find session cookies References: <00aa01c7b8e6$aaea2910$0400000a@animal> <01d401c7b8f4$5a8a69e0$0400000a@animal> In-Reply-To: <01d401c7b8f4$5a8a69e0$0400000a@animal> X-Enigmail-Version: 0.95.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johnny, Johnny Kewl wrote: > I think they actually referring to Session cookies, and making Tomcat > never timeout a session. TC will eventually timeout a session unless it is still in use. Just because the cookie has no expiration doesn't mean that the session has no expiration. If the session is in use, there's no sense in expiring it. If you have many in-use sessions and you run out of memory, then you haven't done your capacity planning properly. > So I think that if attributes and session beans never ever die, they > will eventually amass a major amount of memory... "Session beans" aren't necessarily tied to a user's session in the servlet API sense. If you mean "beans in the session", see above... > in the ops first question he was asking about session timeouts... and > making them last forever. I must have totally missed that. I'll bet there's no way to make a session last forever. A "don't log me out, ever" setting on a webapp usually works outside of the session management provided by the container, but also works with it. The browser sends a "keep me logged-in" cookie to the server, and if the user is not currently logged-in, you perform an "automatic login" which does not require credentials but still gives you a session. This gives the user the illusion of a session that never expires but, of course, the session /does/ expire so that the server doesn't explode with non-expiring sessions. If app servers kept sessions indefinitely, they would crash every day :( - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGg7P39CaO5/Lv0PARAiolAJ487UXXyHzyGVP4CCqFmUQ/hE9ARwCeMX5T hQgKjZOHiXjNIqbKHpVulaY= =zJiM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org