tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mitch Claborn <mi...@claborn.net>
Subject Re: JSESSIONID cookie permanent?
Date Fri, 14 Aug 2009 18:32:09 GMT
I was able to change the expiration on the cookie with a one line change
to org.apache.catalina.connector.Request and it works like I need it to.

What is the official way to request an enhancement to allow this to be
configurable?

mitch


Mitch Claborn wrote:
> The answer is: yes, there are times when the response is already
> committed, so the valve is not a foolproof solution.
>
> mitch
>
>
>
> Mitch Claborn wrote:
>   
>> I was able to get the cookie permanent with a simple valve, code below.
>>
>> Question:  the new cookie will be ignored if the response has already
>> been "committed" (isCommitted()).  In my brief testing, the new cookie
>> is being set, so the response must not be committed.  Is it possible
>> that there might be times when the response IS committed when my valve
>> is invoked, causing the new cookie to be ignored?
>>
>>
>>   public void invoke(Request request, Response response) throws
>> IOException, ServletException {
>>     getNext().invoke(request, response);
>>     for (Cookie c : response.getCookies()) {
>>       if (Globals.SESSION_COOKIE_NAME.equals(c.getName())) {
>>         Cookie l_new = (Cookie) c.clone();
>>         l_new.setMaxAge(Integer.MAX_VALUE);
>>         response.addCookie(l_new);
>>       }
>>     }
>>   }
>>
>>
>> Mitch Claborn
>> 972-954-7341
>> mitch@claborn.net
>>
>>
>>
>>
>> Len Popp wrote:
>>   
>>     
>>> It comes up all the time. The solution is typically to use a separate
>>> cookie and *not* tie the persistent data to the browser session, since
>>> the browser session is transient.
>>> --
>>> Len
>>>
>>>
>>> On Wed, Aug 12, 2009 at 14:54, Mitch Claborn <mitch@claborn.net> wrote:
>>>   
>>>     
>>>       
>>>> If I can't find a another way that's what I'll have to do.  I would be
>>>> surprised that this need doesn't come up more frequently.
>>>>
>>>> Mitch
>>>>
>>>> David Smith wrote:
>>>>     
>>>>       
>>>>         
>>>>> Your best bet is to assign your own cookie.  Then on new session
>>>>> creation, look for the cookie and repopulate the new session with
>>>>> shopping cart data.
>>>>>
>>>>> --David
>>>>>
>>>>> Mitch Claborn wrote:
>>>>>
>>>>>       
>>>>>         
>>>>>           
>>>>>> My usage is:  I store the key to the user's shopping cart in the
>>>>>> session.  I'd like the user to be able to come back a few days from
now
>>>>>> and still find the items they have placed in their shopping cart.
 (This
>>>>>> is mostly for anonymous users who don't sign in until checkout.)
>>>>>>
>>>>>> Mitch
>>>>>>
>>>>>>
>>>>>> Martin Gainty wrote:
>>>>>>
>>>>>>
>>>>>>         
>>>>>>           
>>>>>>             
>>>>>>> anyone know if there is a use-case for sessionId surviving end-of-session?
>>>>>>>
>>>>>>> Martin Gainty
>>>>>>> ______________________________________________
>>>>>>> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>>>>>>>
>>>>>>> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder
Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen
und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>>>>>>> Ce message est confidentiel et peut être privilégié. Si vous
n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite.
Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement
obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation,
nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>           
>>>>>>>             
>>>>>>>               
>>>>>>>> Date: Wed, 12 Aug 2009 12:43:11 -0500
>>>>>>>> From: mitch@claborn.net
>>>>>>>> To: users@tomcat.apache.org
>>>>>>>> Subject: JSESSIONID cookie permanent?
>>>>>>>>
>>>>>>>> Is there a way to make the JSESSIONID cookie issued by Tomcat
permanent,
>>>>>>>> or at least significantly longer life than "end of session"
?
>>>>>>>>
>>>>>>>> Mitch
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>             
>>>>>>>>               
>>>>>>>>                 
>>>>>>> _________________________________________________________________
>>>>>>> Get back to school stuff for them and cashback for you.
>>>>>>> http://www.bing.com/cashback?form=MSHYCB&publ=WLHMTAG&crea=TEXT_MSHYCB_BackToSchool_Cashback_BTSCashback_1x1
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>           
>>>>>>>             
>>>>>>>               
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>         
>>>>>>           
>>>>>>             
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>>>>       
>>>>>         
>>>>>           
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>     
>>>>       
>>>>         
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>   
>>>     
>>>       
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>   
>>     
>
>   

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message