Curious as to why you're writing a Filter
Are you modifying Request Headers or the Request itself?
Thx,
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: "Jesse Barnum" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, June 29, 2007 7:05 PM
Subject: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
Eric, that worked - your code was very helpful, thanks. I wound up
doing it as a Filter instead of a Valve, so that it would not be tied
to Tomcat.
Here is the code in case anybody else would find it useful:
--Jesse Barnum, President, 360Works
http://www.360works.com
(770) 234-9293
package com.prosc.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
/**
* This class will set the cookie maxAge to match the session timeout
value. That way, a user who closes their browser and
* re-enters the site will still have the same session if it has not
timed out on the server.
*/
public class SessionCookieExtender implements Filter {
private static final String JSESSIONID = "JSESSIONID";
public void init( FilterConfig config ) throws ServletException {}
public void doFilter( ServletRequest _request, ServletResponse
_response, FilterChain chain ) throws IOException, ServletException {
if( _response instanceof HttpServletResponse ) {
HttpServletRequest httpRequest = (HttpServletRequest)_request;
HttpServletResponse httpResponse = (HttpServletResponse)_response;
HttpSession session = httpRequest.getSession();
if( session != null && session.getId() != null ) {
Cookie sessionCookie = new Cookie( JSESSIONID, session.getId() );
int sessionTimeoutSeconds = session.getMaxInactiveInterval();
sessionCookie.setMaxAge( sessionTimeoutSeconds );
sessionCookie.setPath( httpRequest.getContextPath() );
httpResponse.addCookie( sessionCookie ); //FIX! This doesn't
actually get rid of the other cookie, but it seems to work OK
}
}
chain.doFilter( _request, _response );
}
public void destroy() {}
}
On Jun 29, 2007, at 2:50 PM, Eric Berry wrote:
You will probably have to write a valve for this. I had to write one
to set the session cookie's domain so that it's a site wide domain.
I posted the code to this mailing list a while back. If you do a
search you should be able to find it, if not let me know I'll see if I
can get a hold of it.
Eric
On 6/29/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
Jesse Barnum wrote:
> Well, you can set the max age on a cookie to something > 0,
which means
> that it will persist for that amount of time, even if the user's
browser
> window is closed. I'm just trying to figure out if there is a
way to
> tell Tomcat to set that property on the cookies that it creates
to store
> the session ID's.
You may have to do it manually (that is, grab the Cookie object
from the
response and force the maxage).
On the other hand, the user's session is going to time out within
that
48 hours, so what's the point of maintaining the JSESSIONID cookie
past
the browser-session?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGhUcu9CaO5/Lv0PARAjzeAJ9PAkO2n4InRn9s9KaoCTlZ6gogowCgipM2
VibFQ3g7DvtU4ajdOcsOa94=
=Jdtn
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Learn from the past. Live in the present. Plan for the future.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
