We have the application with a typical login page, and once the user logs on, some user data will be saved in session attributes. Now, I was asked to add such a feathure:the user only want to login for one time every day.The other times the user can go directly to the menu, even after "close and then restart the browser". I set the session time-out variable to be a pretty big number.I found once the browser is closed, the session is still alive(getSession(false)!=null), but the session attributes have all been lost. Is there any way to keep the session attributes after the browser is closed? I test the application with Tomcat3.3,and my production server doesn't support Session Listener.
Setting the Session timeout to be very large will not work. After the browser is closed (for IE at least) all session cookies get destroyed. Therefore, the next visit will result in a new session being used. You need to write a persistant cookie and then check for this cookie everytime the user visits. This is a standard industry technique.