How to continue working with previous session?
2 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Aleksandr_Petuhhov
Posted On:   Thursday, July 18, 2002 12:18 AM

When I create a new session , I keep it's ID in cookies with expiration time of about a year. The session's timeout on the server is also set to a big value. Then, when I quit browser without invalidating session on the server and open it again, I need to continue working with the existing session. What I'm trying to do for that, is to rewrite URL with the session id last time stored in cookie. But Tomcat looks for session object with id of newly created browser's session. How to make Tomcat use previous session object? If I tell browser not to use cookies, everything works fine and Tomcat uses session id from URL to associate it's session object! But if I enable cookies in the browser, session id from URL always ignored. I even tried to add cookie wit   More>>

When I create a new session , I keep it's ID in cookies with expiration time of about a year. The session's timeout on the server is also set to a big value. Then, when I quit browser without invalidating session on the server and open it again, I need to continue working with the existing session. What I'm trying to do for that, is to rewrite URL with the session id last time stored in cookie. But Tomcat looks for session object with id of newly created browser's session.

How to make Tomcat use previous session object? If I tell browser not to use cookies, everything works fine and Tomcat uses session id from URL to associate it's session object! But if I enable cookies in the browser, session id from URL always ignored. I even tried to add cookie with the name "JSESSIONID" to the response during redirect, but this gave no desired effect: Tomcat always uses current browser cookie's session id.

Can anyone answer my question? Please, do it asap.

   <<Less

Re: How to continue working with previous session?

Posted By:   Christopher_Koenigsberg  
Posted On:   Thursday, July 18, 2002 07:45 AM

I think your question might be rephrased as, how can you make the regular session cookie "persistent", so that it will be saved on disk, on the client side, e.g. reused across browser shutdowns?

Re: How to continue working with previous session?

Posted By:   Sebastien_Meric  
Posted On:   Thursday, July 18, 2002 02:23 AM

hello


I don't think that what you are trying to do is a good way to do things. May be that's why tomcat won't let you do so.


What you are doing there is use the session ID to authentify your user on the second (third, ...) connection to your server as long as the reconnection is done before the timeout (many long minutes).


Because of this you make the server very week because anyone can get authentified with knowing the only sessionId.


I think that you should use your own way of keeping semipersistante data from the session, with easy access as soon as the session is established and still use full authentification process to reauthentifiate your client.


Regards

s├ębastien

About | Sitemap | Contact