Return-Path: 
 <users-return-200341-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 44641 invoked from network); 12 Aug 2009 22:29:52 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 12 Aug 2009 22:29:52 -0000
Received: (qmail 18628 invoked by uid 500); 12 Aug 2009 22:29:55 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 18558 invoked by uid 500); 12 Aug 2009 22:29:55 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 18547 invoked by uid 99); 12 Aug 2009 22:29:55 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Aug 2009 22:29:55 +0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_HELO_PASS,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: 205.234.170.134 is neither permitted
 nor denied by domain of mitch@claborn.net)
Received: from [205.234.170.134] (HELO smtp1.dnsmadeeasy.com)
 (205.234.170.134)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Aug 2009 22:29:44 +0000
Received: from smtp1.dnsmadeeasy.com (unknown [127.0.0.1])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP id 9693B1084037
	for <users@tomcat.apache.org>; Wed, 12 Aug 2009 22:29:22 +0000 (UTC)
X-Authenticated-Name: mitch@claborn.net
Received: from [192.168.3.5] (unknown [99.31.199.75])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTPSA
	for <users@tomcat.apache.org>; Wed, 12 Aug 2009 22:29:22 +0000 (UTC)
Message-ID: <4A8341D7.8020600@claborn.net>
Date: Wed, 12 Aug 2009 17:27:35 -0500
From: Mitch Claborn <mitch@claborn.net>
User-Agent: Thunderbird 2.0.0.22 (X11/20090605)
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: JSESSIONID cookie permanent?
References: <4A82FF2F.5060901@claborn.net>
	 <BLU142-W2EE337369007FE9E10A17AE040@phx.gbl>	 <4A830B63.4000603@claborn.net>
 <4A830E59.3030706@cornell.edu>	 <4A830FDE.4050407@claborn.net>
 <497fac690908121200p4924efeud20d89101de85e9b@mail.gmail.com>
In-Reply-To: <497fac690908121200p4924efeud20d89101de85e9b@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org

I was able to get the cookie permanent with a simple valve, code below.

Question:  the new cookie will be ignored if the response has already
been "committed" (isCommitted()).  In my brief testing, the new cookie
is being set, so the response must not be committed.  Is it possible
that there might be times when the response IS committed when my valve
is invoked, causing the new cookie to be ignored?


  public void invoke(Request request, Response response) throws
IOException, ServletException {
    getNext().invoke(request, response);
    for (Cookie c : response.getCookies()) {
      if (Globals.SESSION_COOKIE_NAME.equals(c.getName())) {
        Cookie l_new = (Cookie) c.clone();
        l_new.setMaxAge(Integer.MAX_VALUE);
        response.addCookie(l_new);
      }
    }
  }


Mitch Claborn
972-954-7341
mitch@claborn.net




Len Popp wrote:
> It comes up all the time. The solution is typically to use a separate
> cookie and *not* tie the persistent data to the browser session, since
> the browser session is transient.
> --
> Len
>
>
> On Wed, Aug 12, 2009 at 14:54, Mitch Claborn <mitch@claborn.net> wrote:
>   
>> If I can't find a another way that's what I'll have to do.  I would be
>> surprised that this need doesn't come up more frequently.
>>
>> Mitch
>>
>> David Smith wrote:
>>     
>>> Your best bet is to assign your own cookie.  Then on new session
>>> creation, look for the cookie and repopulate the new session with
>>> shopping cart data.
>>>
>>> --David
>>>
>>> Mitch Claborn wrote:
>>>
>>>       
>>>> My usage is:  I store the key to the user's shopping cart in the
>>>> session.  I'd like the user to be able to come back a few days from now
>>>> and still find the items they have placed in their shopping cart.  (This
>>>> is mostly for anonymous users who don't sign in until checkout.)
>>>>
>>>> Mitch
>>>>
>>>>
>>>> Martin Gainty wrote:
>>>>
>>>>
>>>>         
>>>>> anyone know if there is a use-case for sessionId surviving end-of-session?
>>>>>
>>>>> Martin Gainty
>>>>> ______________________________________________
>>>>> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>>>>>
>>>>> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>>>>> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>>>>>> Date: Wed, 12 Aug 2009 12:43:11 -0500
>>>>>> From: mitch@claborn.net
>>>>>> To: users@tomcat.apache.org
>>>>>> Subject: JSESSIONID cookie permanent?
>>>>>>
>>>>>> Is there a way to make the JSESSIONID cookie issued by Tomcat permanent,
>>>>>> or at least significantly longer life than "end of session" ?
>>>>>>
>>>>>> Mitch
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>             
>>>>> _________________________________________________________________
>>>>> Get back to school stuff for them and cashback for you.
>>>>> http://www.bing.com/cashback?form=MSHYCB&publ=WLHMTAG&crea=TEXT_MSHYCB_BackToSchool_Cashback_BTSCashback_1x1
>>>>>
>>>>>
>>>>>
>>>>>           
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>>
>>>>         
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>>       
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>     
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>   

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org