Hi!There's a difference between 'timeout' of a session and 'loss'. Closing and reopening the browser will always create a new session. That's just how sessions work.
For my application I need an unlimited session. The users should never login a second time if they once did it. I use the Cocoon authentication framework to control the users access.
How can I set an unlimited session duration even if the user closes his browser? I tried it with cocoon.session.setMaxInactiveInterval(-1) within my login function directly after the authentication. The Cocoon docs under http://cocoon.apache.org/2.1/userdocs/flow/api.html#Session+Object says "... A negative time indicates the session should never timeout.".
But if I close my browser and reopen it I have to authenticate again. Why?
Is there something to do in the servlet environment? Or must I force cookie
session handling? And if yes, how can I do this?
What I think you need to do is store a cookie on the client's browser, and use that to log the user back in automatically when they come in without a session.
I'm not sure of what the effect on memory is of switching the session timeout off - your servlet container might then hold on to sessions forever, and could run out of memory. I'd suggest you leave the session timeout as is, and just use a persistent cookie to relog them in if the session does die.
Regards, Upayavira
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
