-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johnny,
Johnny Kewl wrote: > I think they actually referring to Session cookies, and making Tomcat > never timeout a session. TC will eventually timeout a session unless it is still in use. Just because the cookie has no expiration doesn't mean that the session has no expiration. If the session is in use, there's no sense in expiring it. If you have many in-use sessions and you run out of memory, then you haven't done your capacity planning properly. > So I think that if attributes and session beans never ever die, they > will eventually amass a major amount of memory... "Session beans" aren't necessarily tied to a user's session in the servlet API sense. If you mean "beans in the session", see above... > in the ops first question he was asking about session timeouts... and > making them last forever. I must have totally missed that. I'll bet there's no way to make a session last forever. A "don't log me out, ever" setting on a webapp usually works outside of the session management provided by the container, but also works with it. The browser sends a "keep me logged-in" cookie to the server, and if the user is not currently logged-in, you perform an "automatic login" which does not require credentials but still gives you a session. This gives the user the illusion of a session that never expires but, of course, the session /does/ expire so that the server doesn't explode with non-expiring sessions. If app servers kept sessions indefinitely, they would crash every day :( - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGg7P39CaO5/Lv0PARAiolAJ487UXXyHzyGVP4CCqFmUQ/hE9ARwCeMX5T hQgKjZOHiXjNIqbKHpVulaY= =zJiM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
