Tomcat uses HTTP cookie to track browser sessions. By default Tomcat 5.5 generates session cookies without an expiration date (Expires=...), like:
Set-Cookie: JSESSIONID=A39F8F3623D20EF9E66D309E298E87E0; Path=/
using Cookie.setMaxAge(-1).
Without an expiration date, this cookie should be deleted by the browser when it is closed, which is what IE7 does. Thus, even the session has a lifetime, say 12 hours, at the Tomcat side, if the browser was restarted, the session would be lost.
Firefox keeps the session cookie when it restarts.
I use the following code to override this behavior:
// after users log in
// HttpServletResponse response
response.setHeader("Set-Cookie", "JSESSIONID=" + request.getSession().getId()
+ "; Expires=" + getCookieExpiresFormat().formatByAge(age)
+ "; Path=/");
It generates something like
Set-Cookie: JSESSIONID=A39F8F3623D20EF9E66D309E298E87E0; Expires=Thu, 22-Apr-2010 20:07:56 GMT; Path=/
Thus the session can be kept live for any time period even when browser restarted.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment