For the application in question, the following configuration is being used for the webapp's session:
<session-config enable-cookies='true' enable-url-rewriting='true' cookie-max-age='30m'/> On Thursday, August 19, 2010 at 1:00:20 PM, for example, the web browser navigates to the application and gets the session cookie; the cookie has an expiry date of Thursday, August 19, 2010 1:30:20 PM. (If cookie-max-age were not set, the cookie would instead show that it will expire at the end of the session.) The user is never idle, making regular requests thus keeping the session on the server alive. However the timestamp on the JSESSIONID cookie in the browser never changes; it remains set to Thursday, August 19, 2010 1:30:20 PM. At 1:30:20 PM, the cookie expires, the browser discards it and no longer sends the session cookie info with its requests and the connection to the session is lost; the user has to log back in again. This has been seen in resin 2 and resin 3. So the question is: When setting cookie-max-age in an app's session-config, should we be seeing the expiry date for the session cookie in the browser update when the browser sends a request and receives a new response from the server or is what is described above the expected behavior? Sorry for the long example there... -----Original Message----- From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com] On Behalf Of Alex Sent: Thursday, August 19, 2010 12:37 PM To: General Discussion for the Resin application server Subject: Re: [Resin-interest] Cookie lifetime > > For the persistent session, the timeout is based on access time. So each new request resets the timer for the default 30min. > > Is he referring to the actual session object on the server or the session cookie in the browser? Yes, each new request does reset the timer on the session object on the server, but we are not seeing the expiry date on the cookie being updated. It's a session cookie, and as long as it expires on the server the contract established via the cookie becomes invalid as soon as the server 'thinks' cookie is no longer valid. Alex > I have tested this on a server using IE8, Firefox 3.6, and the latest Chrome build with Resin running solo and with Apache running as the front end, and the results are the same in all browsers. > > When setting cookie-max-age in the session-config for the web app, the expiry date/time for the session's persistent cookie does not change on subsequent requests. I also verified that this behavior is exhibited. > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest