aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes How to set JSESSIONID's maxAge? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "How to set JSESSIONID Watch "How to set JSESSIONID New topic
Author

How to set JSESSIONID's maxAge?

William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Hi ranchers,

I want to make the JSESSIONID cookie to stay alive after the brower shuts down.
I think I should invoke the JSESSIONID's setMaxAge(time), but how can I do it?
The session and JSESSIONID cookie are generated automatically by getSession(), I just cannot setMaxAge BEFORE add the cookie.

Thank you for your light on it in advance.
William


Java is better and better, yet bitter and bitter.
Celinio Fernandes
Ranch Hand

Joined: Jun 28, 2003
Posts: 547

Cookie cookie = new Cookie("username", name) ;
cookie.setMaxAge(30*60);
res.addCookie(cookie);


SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCBCD 5
Visit my blog
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
No, Max, I wanna set the JSESSIONID's maxAge.
The JSESSIONID cookie is generated automatically, so i don't know how to set it.

Thankyou.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

What's the use of keeping the JSESSIONID if the session if actually destroyed after shutdown ? Keeping the cookie alive will not persist the session.
Maybe you should check your container's documentation about session persistence (Tomcat serializes the session by default)


[My Blog]
All roads lead to JavaRanch
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Hi Satou,
What i want to do is to guarantee that:
When the client shuts down his browser (and before the session expires), he comes back, opens his browser, and visits the server, the server(keeping the session) could recognize him by his JSESSIONID cookie.
I want the client's browser to keep the JSESSIONID cookie even if the browser shuts down. I dont know how.

OR you mean:
Session is only available when the browser is ON, when the browser shuts down this session is not available any longer, although on the server the session object may still be alive?

Thank you,
William.
[ November 14, 2006: Message edited by: William Yan ]
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

What I mean is that the JSESSIONID is just an ID used by the server to retrieve the session. Even if you keep the JSESSIONID cookie, the container may destroy the session on shutdown. So you get the cookie back, but it refers to nothing.
What you want to do is called session persistence. It's container specific, so you should refer to your container's doc to know how to do it. You should not mess with the JSESSIONID cookie

http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
OK Satou,
I will refer to the doc, and I still have something confused,
I'd like to ask new question later.
Thank you all the same.
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Hi Satou,

I mean when the session has not expired, but the client shuts down the BROWSER, the cookie will be lost. How can I keep it alive because the session is STILL alive on the SERVER.

If that is not clear, please see my story,
I put session.setMaxInactiveInterval(3 * 60); in my servlet.
That means if the client don't visit the server again in 3 mins, the session will be abandoned on the server. YES?

First, i start Tomcat and visit the servlet, a session is generated and I get the JSESSIONID cookie in my browser. And if I revisit the server(don't shut down my browser) in 3 mins, the server will recognize me. All is right.

Second, i copy the JSESSIONID number and shut down my browser, revisit the server, then the server cannot recognize me because my JSESSIONID has been lost in the browser.

Third, i put ";jsessionid=123..456" at the end of the address(the number is copied in step 2) and visit the server. The server can recognize me(the 3 mins' session has not expired)! That means the session is still there on the server, but i cannot find the JSESSIONID cookie since i shut down my browser.

I just wanna keep the JSESSEIONID cookie ALIVE, because the session has not expired, EVEN IF the BROWSER is shut down and restarted.

Could you please drop me a light on it?
Thank you.
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Thank you Vivek, I will try.
Vikrant Pandit
Ranch Hand

Joined: Mar 27, 2006
Posts: 245
Unfortunately that will not help much .. you would have to do a lot of work after that too ....like creating the new session object from the attributes of the old one ...

I deleted my post when i realized this , but not before you had read it ....

btw , try this... just create a new cookie JSESSIONID with the value of the session id retrieved from the other cookie


Vikrant Pandit
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Hi Vivek,
I think it will work(use another cookie to store session id, and maintain a map keeping cookie-session pair).

But where should i maintain the map is another question, and may it be a little too complicated?

So the final question is, "Is there any simple way to let the browser keep the cookie, so that the client could be recognized by the server as long as the session is not expired whatever he shut down the browser or not? "
Arvind Giri
Ranch Hand

Joined: Jun 26, 2005
Posts: 91
I think it will work(use another cookie to store session id, and maintain a map keeping cookie-session pair).


But when user will make a new request after opening browser again, the server will start a new session for him(a new HttpSession Object will be created). So even though we know what was the session id of his previous session how can we enforce container to give us same session object ?


Regards<br /> <br />Arvind Giri<br />MCA,SCJP 1.4,SCWCD 1.4<br />Looking for SCDJWS
Vikrant Pandit
Ranch Hand

Joined: Mar 27, 2006
Posts: 245
To maintain the Map .... you can use a HttpSessionListener

add an entry to the map when sessionCreated is called
and remove the entry from the map when sessionDestroyed is called on the session expiry .....

HTH
Vikrant Pandit
Ranch Hand

Joined: Mar 27, 2006
Posts: 245
Hi William,

Try this code


When I ran it for first time , I got two JSESSIONID cookies , one with max age as -1 and the other with max age as 5 min. Also ses.isNew() was true

Tnen I shut down the browser and lauched it again . I saw that I had only one cookie , the one with max age as 5 min . The other was deleted by the browser . When I hit the web app again , I got the same session back , ses.isNew() was false

Hope this will resolve your problem
Arvind Giri
Ranch Hand

Joined: Jun 26, 2005
Posts: 91
Nice Solution Vivek

But when user will make a new request after opening browser again, the server will start a new session for him(a new HttpSession Object will be created). So even though we know what was the session id of his previous session how can we enforce container to give us same session object ?


I was thinking that we are talking about storing session id in a different cookie. Well just for curiosity: Is it possible that we store session id in a different cookie and still get the same session?
Vikrant Pandit
Ranch Hand

Joined: Mar 27, 2006
Posts: 245
Well if we store it in a diferrent cookie , a new session will be created ...
thats why we need to use JSESSIONID cookie
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Thank you, really appreciate for your replys.
Niranjan Deshpande
Ranch Hand

Joined: Oct 16, 2005
Posts: 1277
No, Max, I wanna set the JSESSIONID's maxAge

the session cookie gets destoryed as soon as the user closes his browser window or quits the session.this is the defauilt behavioir of the seesion cookie.

i dont think you can override this behaviour
may we can TRY to do so by saying



will this work ?


SCJP 1.4 - 95% [ My Story ] - SCWCD 1.4 - 91% [ My Story ]
Performance is a compulsion, not a option, if my existence is to be justified.
William Yan
Ranch Hand

Joined: Sep 26, 2006
Posts: 69
Hi Niranjan,
When the client visit the servlet for the first time, and shuts down his browser, the session cookie will be lost. How can we get that cookie again, and set it?
Niranjan Deshpande
Ranch Hand

Joined: Oct 16, 2005
Posts: 1277
hmm...that was a good catch.

in that case vivek's code should work, as it has a USER DEFIED COOKIE that
is a session cookie in disguise.

Cookie cookie = new Cookie("JSESSIONID", ses.getId());
Arvind Giri
Ranch Hand

Joined: Jun 26, 2005
Posts: 91


I have a doubt reagrds this code. Will it really set the max age of cookie at client side too. or we will need to send it again to browser (using response.addCookie()). If we need to send it again then this would be exactly what Vivek is doing.

Please correct me if I am wrong.
Sander Plas
Greenhorn

Joined: Mar 27, 2012
Posts: 1
I know this is an old question, but if anyone else is looking for this information:

In Servlet 3.0, this can simply be specified in the web.xml:
 
jQuery in Action, 2nd edition
 
subject: How to set JSESSIONID's maxAge?