What would the cookie store? Username and password, just username, or something else? How can this be done in such a way as to prevent the user from changing the value within the cookie?
Could you elaborate on what you meant by sessions not working when the browser caches a page? If a user submits a form in a cached page, wouldn't they still be directed to their same session on the server? (Whether the session ID is stored in URL, cookie, or hidden form field.) Thanks. Rashmi Rubdi-2 wrote: > > On 4/28/07, lightbulb432 <[EMAIL PROTECTED]> wrote: >> >> Is it possible for a Tomcat session keep the session alive for a certain >> period of time (say, 2 hours), > > The session timeout interval is adjustable, see <session-config> under > conf/web.xml > > Max inactive interval can also be specified in HttpSession object, > with setMaxInactiveInterval(int interval) > > Additionally HttpSessionListener captures the event when the session > is about to be > invalidated -- according to JavaEE 5 API. > >> but remove all objects within it after a >> default period of time (like half an hour)? This way the user doesn't >> have >> to re-login as per your usual session timeout but their session state >> doesn't eat up Tomcat memory. > > I would consider setting a Cookie instead of storing login info in > HttpSession in this case. > > One drawback with sessions is that, a session will not work if the web > page gets cached by the browser. So, in order to keep the session > alive, it is also important to prevent the caching of a page. > > -Regards > Rashmi > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Keep-session-alive-tf3662662.html#a10234725 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]