> Yes, I know I could do things with connection pooling, but I want different
> users logged in as their real user ids, not using a dummy user everyone
> uses.
Huh? that statement makes no sense. How does that apply to connections to a
database? I vote that it is a really really bad idea to store connections to
a database in a session object.
> Is it a good idea to tie a cookie with a life time of -1, set to the session
> id and when the browser process is terminated (no ambiguity!), the session
> associated with the cookie would be invalidated?
I would vote no on this one because for security reasons, you cannot count
on the "browser" to actually honor that criteria. Also there was something
fixed in the 1.0.1 development version of apache jserv regarding setting
cookies to.
<http://www.working-dogs.com/cvsweb/index.cgi/jserv/src/java/org/apache/jser
v/JServUtils.java?rev=1.11&content-type=text/x-cvsweb-markup>
-jon
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
