aspose file tools*
The moose likes Servlets and the fly likes session vanishes after IE closed??? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "session vanishes after IE closed???" Watch "session vanishes after IE closed???" New topic
Author

session vanishes after IE closed???

wei wu
Greenhorn

Joined: Apr 27, 2003
Posts: 23
The very first time I visit my service( register ), the servlet create a new session.
and then, I visite other web site( such as www.yahoo.com ), and then go back to my service, the session still exists( session can be extracted from request object ), that is to say, the service still recognised me.
But after I closed IE, and then visited the service again, the session extracted was null, the service did not recognised me any longer!
I want the performance, that after you have registered within the service, whenever you visit it again, you will be recognized by the service. Who can tell me what should I do?
Thanks in advance!
bharat nagpal
Ranch Hand

Joined: Oct 26, 2002
Posts: 76
you can use write some information on client's machine at some temporary location. you can use cookies for this. When I visit JavaRanch, I don't have to sign in again n again and it automatically reads info from my machine.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12678
    
    5
The cookie that is used to hold a sessionID only lives during one browser session - as a security measure. As bhart says, you have to write your own cookie with a longer lifespan in order to identify a user who comes back with a new browser session. There is a nice discussion in the Cookie JavaDocs.
Bill


Java Resources at www.wbrogden.com
wei wu
Greenhorn

Joined: Apr 27, 2003
Posts: 23
Thanks a lot!
But some people may choose to enable Coocies, some people may disable! As to people who disable Coocies, How can they log in Javaranch automatically???
bharat nagpal
Ranch Hand

Joined: Oct 26, 2002
Posts: 76
If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting.There is some method that allows you to check, if the cookies are enabled or not.
R K Singh
Ranch Hand

Joined: Oct 15, 2001
Posts: 5370
Originally posted by bhart nagpal:
If the browser does not support cookies, or if cookies are disabled, you can still enable session tracking using URL rewriting.There is some method that allows you to check, if the cookies are enabled or not.

Will URL re-writing give you the facility of auto-login
[ July 16, 2003: Message edited by: Ravish Kumar ]

"Thanks to Indian media who has over the period of time swiped out intellectual taste from mass Indian population." - Chetan Parekh
bharat nagpal
Ranch Hand

Joined: Oct 26, 2002
Posts: 76
yup . you are write, without writing anything on client , I won't be able to log in automatically.
But normal session tracking can be done with url rewriting.
JohnJohn SmithSmith
Greenhorn

Joined: Aug 11, 2002
Posts: 7
The advise about URL re-writing that can provide automatic login is incorrect.
A session only lives for a short amount of time. I believe the default is an hour.
The only way I know that you do what you want to do is if cookies are enabled on the client browser and you write a cookie.
Any Java book that talks about servlets will talk about the session. I would encourage you to read about it. You will then understand how it works. It wasn't designed to be a long living session, if the person closes their browser, the session is over.
Jay
[ July 18, 2003: Message edited by: Jay Sissom ]
Ron Newman
Ranch Hand

Joined: Jun 06, 2002
Posts: 1056
Isn't the seesion timeout settable, both via web.xml and via the method HttpSession.setMaxInactiveInterval() ?


Ron Newman - SCJP 1.2 (100%, 7 August 2002)
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12678
    
    5
Yes, session life is settable, but the original problem had to do with the lifetime of the cookie containing the sessionID on the browser side.
I suppose you could do "automatic login" without cookies IF you bookmarked a re-written URL that contained the login parameters.
Bill
Ron Newman
Ranch Hand

Joined: Jun 06, 2002
Posts: 1056
I had expected that the cookie lifetime would match the session lifetime; I'm surprised that it doesn't.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12678
    
    5
If the sessionID cookie survived beyond one browser session, it would create a security hole - anybody could fire up your browser, go to the last URL and resume your session if they did it within 30 minutes.
Bill
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: session vanishes after IE closed???
 
Similar Threads
which case a session is killed ?
keep session alive after browser is closed
pulling my hair out
Why session destroyed when browser closed
Question on the answer of the Whizlab Diagnostic Exam #33