Re: Where to find session cookies
Every1 is right... just that the original op was having a little difficulty with the concept. Need to read the whole thread to make sense of it... - Original Message - From: Christopher Schultz [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, June 28, 2007 3:13 PM Subject: Re: Where to find session cookies -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnny, Johnny Kewl wrote: I think they actually referring to Session cookies, and making Tomcat never timeout a session. TC will eventually timeout a session unless it is still in use. Just because the cookie has no expiration doesn't mean that the session has no expiration. If the session is in use, there's no sense in expiring it. If you have many in-use sessions and you run out of memory, then you haven't done your capacity planning properly. So I think that if attributes and session beans never ever die, they will eventually amass a major amount of memory... Session beans aren't necessarily tied to a user's session in the servlet API sense. If you mean beans in the session, see above... in the ops first question he was asking about session timeouts... and making them last forever. I must have totally missed that. I'll bet there's no way to make a session last forever. A don't log me out, ever setting on a webapp usually works outside of the session management provided by the container, but also works with it. The browser sends a keep me logged-in cookie to the server, and if the user is not currently logged-in, you perform an automatic login which does not require credentials but still gives you a session. This gives the user the illusion of a session that never expires but, of course, the session /does/ expire so that the server doesn't explode with non-expiring sessions. If app servers kept sessions indefinitely, they would crash every day :( - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGg7P39CaO5/Lv0PARAiolAJ487UXXyHzyGVP4CCqFmUQ/hE9ARwCeMX5T hQgKjZOHiXjNIqbKHpVulaY= =zJiM -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnny, Johnny Kewl wrote: True, although I dont know how to make Tomcat do that Do what? nor do I think it should be done, they must expire, or else with time his Tomcat will run out of memory. What are you talking about? Tomcat doesn't store cookies AFAIK. It just sends them to the browser, and the browser is responsible for sending them back when requests are made. Why would TC run out of memory handling cookies? If the cookie has no expiration date, then the browser will not save it beyond the current session. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGg7JP9CaO5/Lv0PARAhhvAJ9l7HfOchLvwCdRNtho6jkPgK267gCfYB5n iKPnatZgk3BHukef6w9jdZU= =vblU -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnny, Johnny Kewl wrote: I think they actually referring to Session cookies, and making Tomcat never timeout a session. TC will eventually timeout a session unless it is still in use. Just because the cookie has no expiration doesn't mean that the session has no expiration. If the session is in use, there's no sense in expiring it. If you have many in-use sessions and you run out of memory, then you haven't done your capacity planning properly. So I think that if attributes and session beans never ever die, they will eventually amass a major amount of memory... Session beans aren't necessarily tied to a user's session in the servlet API sense. If you mean beans in the session, see above... in the ops first question he was asking about session timeouts... and making them last forever. I must have totally missed that. I'll bet there's no way to make a session last forever. A don't log me out, ever setting on a webapp usually works outside of the session management provided by the container, but also works with it. The browser sends a keep me logged-in cookie to the server, and if the user is not currently logged-in, you perform an automatic login which does not require credentials but still gives you a session. This gives the user the illusion of a session that never expires but, of course, the session /does/ expire so that the server doesn't explode with non-expiring sessions. If app servers kept sessions indefinitely, they would crash every day :( - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGg7P39CaO5/Lv0PARAiolAJ487UXXyHzyGVP4CCqFmUQ/hE9ARwCeMX5T hQgKjZOHiXjNIqbKHpVulaY= =zJiM -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to find session cookies
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Where to find session cookies in the ops first question he was asking about session timeouts... and making them last forever. I must have totally missed that. You didn't miss anything - Johnny K made that up. The OP (lightbulb432) started the thread with the misconception that the server, not the client, keeps track of cookies. At no point did anyone mention infinite session timeouts until Johnny K tried to use it to justify his Tomcat will run out of memory comment. This thread has also shown some confusion with the term session cookie, using it as if there were a set of cookies that Tomcat stores in a session object (not true), rather than just a cookie with a particular name that the browser keeps track of. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
Hi LightBulb, I think you missing a concept somewhere... A typically setup for a servlet that wants to use a cookie is like this HttpSession session = request.getSession(true); //Make a session if one does not exist String SomeAttributeISet = session.getAttribute(SomeAttributeISet ); //Read back your cookie stuff, normally your Session bean if (SomeAttributeISet == null) { //Attribute is not set, so no cookie //Normally you would make a new Session Bean here } else {// got session info, so picking up the cookie } I never use isNew because typically the above structure tells you if the cookie has come back or not, indirectly because your session bean or attributes are null if no cookie. The first time the request comes in from the browser there will NEVER be a cookie session, because the browser needs a response from the servlet, to get the cookie in the first place. So if you setting up a form you must remember to set the cookie up when you give them the page, so that when they submit it, the session is already in place, otherwise it will only get set after the first response. Its not instantaneous it needs one cycle. isNew() may come in handy but you have to understand, that if you have any security in your apps, the session will already be old because Tomcat will already have made that session... so it doesnt mean much, rather just keep an eye on the beans you set in the session. If you look in the browser you will not see your attribute you will see something like JSessionID = GA6238468HFABB6868768687 That is the session and Tomcat stores all your attributes against that its just a glorified hash table, that keeps (JSessionID, YourAttribute, Value) To answer your question if you turn off cookies in your browser and you not using urlRewriting, ie you using the above, you should see isNew all the time. If cookies are on in the browser, isNew will happen the first time, but not the second time. If security is used, isNew will always be false to you. So you make a form and .. do the above... ie make your session bean, the user fills it in and submits. When you read it if your bean is then null you send them a message that tells them to turn cookies on. Its normally just about impossible to use the web today without cookies running, so it normally enough to just tell the user to turn them on. In the old days when some browsers couldnt do cookies you had to do it. urlRewriting is very tricky and you actually need to write all the URL's in your page with the sessionID as well, else things like menu items break, it gets extremely messy. In general I dont use it just tell the user to turn it on. Where I do use it, and its not really just for sessions, is when I want the user to get back to the same state, by just keeping the url, and I find url Session reWriting is not enuf then anyway. A good example of a scheme like that is Google just look at how its storing state in the url, but its doing more than just session management. Hope that helps - Original Message - From: lightbulb432 [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Tuesday, June 26, 2007 9:12 PM Subject: RE: Where to find session cookies How can I configure Tomcat to use permanent cookies as opposed to session cookies? One of the reasons I'd like to know is to see the behavior of method isNew() of HttpSession, which I can do if I'm able to disable cookies. As the Javadoc for HttpSession says: A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Fargusson.Alan wrote: Session cookies are not stored on disk. This is why they are more secure then cookies (non-session). Since they only exist in RAM (ok, maybe in swap files) nobody else using that machine can find them, and they go away when the browser ends. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 29, 2007 12:15 PM To: users@tomcat.apache.org Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: Where to find session cookies
| From: lightbulb432 [mailto:[EMAIL PROTECTED] | Sent: Tuesday, 26 June, 2007 14:13 | | How can I configure Tomcat to use permanent cookies as opposed to session | cookies? One of the reasons I'd like to know is to see the behavior of | method isNew() of HttpSession, which I can do if I'm able to disable | cookies. As the Javadoc for HttpSession says: | | A servlet should be able to handle cases in which the client does not | choose to join a session, such as when cookies are intentionally turned | off. I think the only thing that differentiates between session and persistent cookies is the presence of an expiration date. No date == session cookie, future date == persistent cookie. To check the behavior you're curious about, why not just disable cookies in your browser? ISTR that TC then just sets the session ID explicitly in the query string of the URL. - The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
True, although I dont know how to make Tomcat do that, nor do I think it should be done, they must expire, or else with time his Tomcat will run out of memory. - Original Message - From: Nelson, Tracy M. [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, June 27, 2007 7:21 PM Subject: RE: Where to find session cookies | From: lightbulb432 [mailto:[EMAIL PROTECTED] | Sent: Tuesday, 26 June, 2007 14:13 | | How can I configure Tomcat to use permanent cookies as opposed to session | cookies? One of the reasons I'd like to know is to see the behavior of | method isNew() of HttpSession, which I can do if I'm able to disable | cookies. As the Javadoc for HttpSession says: | | A servlet should be able to handle cases in which the client does not | choose to join a session, such as when cookies are intentionally turned | off. I think the only thing that differentiates between session and persistent cookies is the presence of an expiration date. No date == session cookie, future date == persistent cookie. To check the behavior you're curious about, why not just disable cookies in your browser? ISTR that TC then just sets the session ID explicitly in the query string of the URL. - The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to find session cookies
From: Johnny Kewl [mailto:[EMAIL PROTECTED] Subject: Re: Where to find session cookies True, although I dont know how to make Tomcat do that, nor do I think it should be done, they must expire, or else with time his Tomcat will run out of memory. ??? Why do you think Tomcat will run out of memory? Cookies are inserted into responses, maintained by the client and returned on subsequent requests. Unless a webapp is keeping track of them for some esoteric reason, there's no memory consumed once a request has been processed and the response sent. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
- Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, June 27, 2007 8:53 PM Subject: RE: Where to find session cookies From: Johnny Kewl [mailto:[EMAIL PROTECTED] Subject: Re: Where to find session cookies True, although I dont know how to make Tomcat do that, nor do I think it should be done, they must expire, or else with time his Tomcat will run out of memory. ??? Why do you think Tomcat will run out of memory? Cookies are inserted into responses, maintained by the client and returned on subsequent requests. Unless a webapp is keeping track of them for some esoteric reason, there's no memory consumed once a request has been processed and the response sent. --- I think they actually referring to Session cookies, and making Tomcat never timeout a session. So I think that if attributes and session beans never ever die, they will eventually amass a major amount of memory in the ops first question he was asking about session timeouts... and making them last forever. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to find session cookies
How can I configure Tomcat to use permanent cookies as opposed to session cookies? One of the reasons I'd like to know is to see the behavior of method isNew() of HttpSession, which I can do if I'm able to disable cookies. As the Javadoc for HttpSession says: A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Fargusson.Alan wrote: Session cookies are not stored on disk. This is why they are more secure then cookies (non-session). Since they only exist in RAM (ok, maybe in swap files) nobody else using that machine can find them, and they go away when the browser ends. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 29, 2007 12:15 PM To: users@tomcat.apache.org Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a11311838 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to find session cookies
It is up the servlet. As far as I know Tomcat cannot change this. As to how you get the servlet to use one or the other: I do not know enough about WEB programming to tell you. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 26, 2007 12:13 PM To: users@tomcat.apache.org Subject: RE: Where to find session cookies How can I configure Tomcat to use permanent cookies as opposed to session cookies? One of the reasons I'd like to know is to see the behavior of method isNew() of HttpSession, which I can do if I'm able to disable cookies. As the Javadoc for HttpSession says: A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Fargusson.Alan wrote: Session cookies are not stored on disk. This is why they are more secure then cookies (non-session). Since they only exist in RAM (ok, maybe in swap files) nobody else using that machine can find them, and they go away when the browser ends. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 29, 2007 12:15 PM To: users@tomcat.apache.org Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a11311838 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
Think the servlet APIs like response.addCookie() etc ... might be helpful here. You can send couple of cookies in your response header, the browser will store these cookies permanently in harddisk. -Venkatesh - Original Message From: lightbulb432 [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Wednesday, June 27, 2007 12:42:36 AM Subject: RE: Where to find session cookies How can I configure Tomcat to use permanent cookies as opposed to session cookies? One of the reasons I'd like to know is to see the behavior of method isNew() of HttpSession, which I can do if I'm able to disable cookies. As the Javadoc for HttpSession says: A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Fargusson.Alan wrote: Session cookies are not stored on disk. This is why they are more secure then cookies (non-session). Since they only exist in RAM (ok, maybe in swap files) nobody else using that machine can find them, and they go away when the browser ends. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 29, 2007 12:15 PM To: users@tomcat.apache.org Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a11311838 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to see what's on, when. http://tv.yahoo.com/collections/222 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Where to find session cookies
When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to find session cookies
From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, Think about what you're asking: how can a server influence where a browser running on some arbitrary platform keeps track of cookies using HTTP protocol? That's entirely up to the whims of the browser. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
If u are referring to session cookies (jsessionid and jsessionidsso) then the http servlet request contains a method called getCookies() where u can find the cookies and use them for further use by storing them im memory, once the response is received by browser it is upto it where and how it stores it. Vinod - Original Message From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, May 30, 2007 1:02:06 AM Subject: RE: Where to find session cookies From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, Think about what you're asking: how can a server influence where a browser running on some arbitrary platform keeps track of cookies using HTTP protocol? That's entirely up to the whims of the browser. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to find session cookies
lightbulb432 wrote: When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? Where your browser stores it's cookies is none of Tomcat's business, nor is it something Tomcat can dictate. Why not clear your cookies and test again but only visit the test server - it should be pretty clear to see if Tomcat is writing a cookie. You can also use Firebug in Firefox to actually see the 'Set-Cookie: JSESSIONID=466B27CDDCC1; Path=/' header being set by the JSP/Servlet etc. p I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. smime.p7s Description: S/MIME Cryptographic Signature
RE: Where to find session cookies
Session cookies are not stored on disk. This is why they are more secure then cookies (non-session). Since they only exist in RAM (ok, maybe in swap files) nobody else using that machine can find them, and they go away when the browser ends. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 29, 2007 12:15 PM To: users@tomcat.apache.org Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]