> From: Millies, Sebastian [mailto:[EMAIL PROTECTED] > Sent: 12 May 2005 15:57
> Can a client recapture his Tomcat session after he has accidentally closed > the browser, provided that the session object still exists on the server? If the client authenticates to your server (i.e. they log in), then you can use their login credentials as a key for session data. The downside is that you'll have to basically build your own session manager to facilitate this. (To handle expiration, inactivation, etc. if you want those features). However, there's no reason you can't leverage the built in session listeners to help implement this. For example, you can do some crude reference counting and when a user logs in, you register their session with your login-ID based session manager. Then, when the session expires (and calls the listener), it can check to see if any other sessions are registered, and if not, then it can safely kill the login-ID based session. This gives you the time out capability fairly cheaply. You don't get serialization and such though, nor clustering, but if you're not using those features, you don't care. Actually, as an aside, this would be a bit nasty, but you may be able to tweak the Tomcat session code to instead of using a temporary, browser based JSESSIONID cookie, make it permanent (but still expire in, say, an hour -- whatever timeout is suitable). This cookie would survive browser restarts (for good and ill). Other folks have mentioned the potential ramifications of that, but by doing it this way, it's possible. Just hope they don't use this in a public library. This basically redefines how sessions work for YOUR Tomcat, but it doesn't sound like an arduous change, and you get all of the other Tomcat session infrastructure for free. Your webapp won't be portable if you really on this though, since you have to change Tomcat itself to make it work. Regards, Will Hartung ([EMAIL PROTECTED]) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
