Re: Setting and Reading Cookies in JSP

Fri, 3 Sep 1999 07:14:52 -0700 

Eoin Curran wrote:

> The cookies used to track sessions disappear once the browser is closed (For
> Jrun, anyway).  So If you need to use a cookie to recognize a user returning
> to your site, this solution will not work.
>
> It is a nice way to work things though. Maybe the way that the session
> variable works (implementation not specified) could be extended to a
> long-living session type object. Then the details of how the cookies are
> used could be implemented by the servlet engine?

According to the JSP 1.x specs, the implicit <% session %> object maps to an
Interface: javax.servlet.http.HttpSession of which you can call:

public void setMaxInactiveInterval(int interval)

     Specifies the maximum length of time, in seconds, that the servlet engine
keeps this session if no user requests have been made of the session.
     Parameters:
          interval - An integer specifying the number of seconds

Sessions that are persistant even after the browser is closed depends on two
factors:
1) Client side cookies are not purged or expired
2) Server side session is not invalidated

A sensible JSP engine implementation of setMaxInactiveInterval(int interval) would
be to send a cookie to the client that expires in interval seconds, and keep a weak
reference to the session object for at least interval seconds, which would enable
long-term sessions that persist after browser-closings provided that the server is
not under low memory conditions.

Since HTTP is stateless, browsers do not send events to servers notifying that they
are being closed; hence sessions are time based and should persist beyond
browser-closings.  If session.setMaxInactiveInterval(int interval) does not work,
verify that the client has cookies enabled (ie: this technique will not work for
URL rewriting, one of the reasons why cookies are generally preferred over
rewriting), or notify your JSP/servlet vendor of a possible implementation bug.

--
Michael Hu, Paradox Team, Corel Corporation

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html

Reply via email to