tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Session cookie max age
Date Thu, 14 Jul 2011 14:54:24 GMT
Konstantin Kolinko wrote:
> 1) Updating it with every response sounds lame.
> 2) max-age value should be consistent between all web applications
> that might share the session cookie.
> Otherwise there will be inconsistencies and breakages.
Are you not confusing "max-age" with "last access" ?

The expiration of a cookie (like the expiration of a session), in my view should be 
calculated on the base of :
last access + max-age, compared to "now"

And then, there is the question of whether "last access" should be updated when the 
request is received, or when the response is sent.
(Apparently the Servlet Spec has things to say on the matter, and some recently added 
Tomcat properties also).

There was another thread recently debating similar issues, in the context of long file 
upload requests.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message