Originally posted by Treimin Clark:
Hi,
I attempted to keep the session available, even after the browser closed. But when the browser is closed and started again, it doesn't send the jsessionid (cookie) to the server.
Then I tried,
1. I set the setMaxInactiveInterval on HttpSession for a long duration
2. Set the setMaxAge on the cookie named "jsessionid" for a long duration.
3. I set the setMaxInactiveInterval on HttpSession for -1.
4. Set the setMaxAge on the cookie named "jsessionid" for -1.
I used the above actions independently and together, but the result didn't change as I wished.
I'm using IE6 for this. However, the above problem does not occur with Firefox!
Please don't say that the problem is with IE6, because I'm using JavaRanch on IE6, and my JavaRanch account is always signed in within it.
Please tell me how I can do this. Is there any other way I can use, like JavaRanch does?
The Session cookie is a special cookie that is designed to only live for the same user session - which ends when the service connected to the web application ends - which ends when the browser is closed. The cookie SHOULD be destroyed when the browser is closed (if Firefox doesn't remove the cookie then it is a problem with Firefox), and is typically NOT saved.
JavaRanch's constant logon does not preserve your session. It assigns a new cookie with a long MaxAge that identifies you when you make the first request and starts a new session that associates your user id with the new session that is made.
So you would need to follow the same strategy:
1) Each user gets a permanent user id
2) Any settings and info you want shared from session to session needs to be stored permanently associated with that ID (in a database usually)
3) Store a new cookie when a user logs in with the user id (not session id), with a MaxAge as long as possible.
4) When a user comes back to the site check for the cookie, create a new session, look up the user id you stored in the cookie, and associate any info you want to propagate from session to session with the new session.
A couple of things you should think about would be:
- You should probably encrypt the cookie so it is harder for people to find the id you are using
- Don't store the password
- If your system stores any important private information, you should still require an additional login to access the info
- Make sure you re-up the MaxAge on the user id cookie each time the user logs in to help make the auto-login feature appear perpetual.
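The scheme described in the reply above, as an added example that is not part of the original posts and is not JavaRanch's code: the cookie value carries the user id and an expiry time, encrypted with AES-GCM so the browser side can neither read nor alter it. The class name, the `expiry|userId` layout, the sample user id and the in-memory demo key are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;
// Hypothetical helper, not from the thread: builds and checks the value of the
// long-lived cookie that carries the permanent user id (never the session id).
public class RememberMeToken {
    private final SecretKey key;
    public RememberMeToken(SecretKey key) { this.key = key; }
    // Step 3 and the MaxAge re-up: call on each login, send with setMaxAge/setSecure/setHttpOnly.
    public String issue(String userId, long ttlSeconds) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);            // fresh nonce for every cookie
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        String plain = (Instant.now().getEpochSecond() + ttlSeconds) + "|" + userId;
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Step 4: yields the user id only if the value authenticates and is unexpired.
    public Optional<String> verify(String cookieValue) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(cookieValue);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
            byte[] plain = c.doFinal(in, 12, in.length - 12);
            String[] p = new String(plain, StandardCharsets.UTF_8).split("\\|", 2);
            boolean live = Long.parseLong(p[0]) > Instant.now().getEpochSecond();
            return live ? Optional.of(p[1]) : Optional.empty();
        } catch (Exception e) {                      // tampered, truncated or malformed
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                   // demo key; assumption: a real app loads a stored secret
        RememberMeToken t = new RememberMeToken(kg.generateKey());
        String cookie = t.issue("user-1042", 30L * 24 * 3600);  // constructed sample id
        char[] bad = cookie.toCharArray();
        bad[20] = bad[20] == 'A' ? 'B' : 'A';        // simulate client-side tampering
        String expired = t.issue("user-1042", -1);   // expiry already in the past
        System.out.println(t.verify(cookie) + " " + t.verify(new String(bad)) + " " + t.verify(expired));
    }
}
```

When `verify` returns a user id, the servlet creates a fresh `HttpSession` and loads that user's stored settings into it; an empty result means the visitor is treated as not logged in.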