This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Why session destroyed when browser closed

 
Treimin Clark
Ranch Hand
Posts: 757
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I attempted to keep the session available, even after the browser closed. But when the browser closed and start again, it doesn't send the jsessionid (cookie) to the server.

Then I tried,

1. I set the setMaxInactiveInterval on HttpSession for a long duration
2. Set the setMaxAge on the cookie named "jsessionid" for a long duration.
3. I set the setMaxInactiveInterval on HttpSession for -1.
4. Set the setMaxAge on the cookie named "jsessionid" for -1.

I used above actions independently and together, but the result didn't changed as I wished.

I'm using IE6 for this. However, the above problem is not occured with Firefox!

Please don't say that the problem is with IE6. Because I'm using JavaRanch on the IE6, and my JavaRanch account is always signed-in within it.

Please tell me how can I do this? Is there any other way I can use, like JavaRanch does?
 
Steve Luke
Bartender
Posts: 4181
21
IntelliJ IDE Java Python
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Treimin Clark:
Hi,

I attempted to keep the session available, even after the browser closed. But when the browser closed and start again, it doesn't send the jsessionid (cookie) to the server.

Then I tried,

1. I set the setMaxInactiveInterval on HttpSession for a long duration
2. Set the setMaxAge on the cookie named "jsessionid" for a long duration.
3. I set the setMaxInactiveInterval on HttpSession for -1.
4. Set the setMaxAge on the cookie named "jsessionid" for -1.

I used above actions independently and together, but the result didn't changed as I wished.

I'm using IE6 for this. However, the above problem is not occured with Firefox!

Please don't say that the problem is with IE6. Because I'm using JavaRanch on the IE6, and my JavaRanch account is always signed-in within it.

Please tell me how can I do this? Is there any other way I can use, like JavaRanch does?


The Session cookie is a special cookie that is designed to only live for the same user session - which ends when the service connected to the web application ends - which ends when the browser is closed. The cookie SHOULD be destroyed when the browser is closed (if Firefox doesn't remove the cookie than it is a problem with Firefox), and is typically NOT saved.

JavaRanch's constant logon does not preserve your session. It assigns a New cookie with a long MaxAge that identifies you when you make the first request and starts a new session that associates your user id with the new session that is made.

So you would need to follow the same strategy:
1) Each user gets a permanent user id
2) Any settings and info you want shared from session to session needs to be stored permanently associated with that ID (in a database usually)
3) Store a new cookie when a user logs in with the user id (not session id), with a MaxAge as long as possible.
4) When a user comes back to the site check for the cookie, create a new session, look up the user id you stored in the cookie, and associate any info you want to propagate from session to session with the new session.

A couple of things you should think about would be:
- You should probably encrypt the cookie so it is harder for people to find the id you are using
- Don't store the password
- If your system stores any important private information, you should still require an additional login to access the info
- Make sure you re-up the MaxAge on the user id cookie each time the user logs in to help make the auto-login feature appear perpetual.
 
Raf Szczypiorski
Ranch Hand
Posts: 383
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, you can do this to preserve the session:

Note that I explicitly call addCo okie() with the JSESSIONID name, which is the co okie that the specs dictates must be used for session tracking. When I first visit the page, it says I'm new, every next visit it greats me with my name. When I close the browser, and visit the page again, it remembers my name as the co okie is stored on disk and sent to the server. It will only work if you visit the page within the session-timeout configuration setting, after that the JSESSIONID is meaningless for the server, it is invlaidated.
Also note that it works with Tomcat 6 and servlet 2.5. I don't know if this is portable to Jetty for instance.
(There is a deliberate space within "Cookie" / "cookie" because Javaranch prevents uing it - kind of security measure.)
[ December 18, 2008: Message edited by: Raf Szczypiorski ]
 
Treimin Clark
Ranch Hand
Posts: 757
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for Steve and Raf.

@Raf,
This is what I actually done before posting this question. But it works on Firefox only. (Not worked on IE6)

I think, I should do something as Steve said, even though it seems hard. :roll:

If you can provide another solution for retrieve the session, please post it. It will be helpful to me alot.

Thanks in advance.
[ December 18, 2008: Message edited by: Treimin Clark ]
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Persist it in a database and retrieve it from there? Serialize the session state to disk and recover it on login?

You can, as Raf suggests, persists the JSESSIONID. But any data associated with it will dissappear when the session times out, and that is not going to be a huge amount of time (think minutes not days).
 
Raf Szczypiorski
Ranch Hand
Posts: 383
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Treimin
Yup, sorry, I kind of didn't see that you tried that already :roll:
 
Treimin Clark
Ranch Hand
Posts: 757
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Raf,

I found that why our code doesn't run for me. It was because of this.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic