You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jesse Barnum <js...@360works.com> on 2007/06/30 01:05:15 UTC
[SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
Eric, that worked - your code was very helpful, thanks. I wound up
doing it as a Filter instead of a Valve, so that it would not be tied
to Tomcat.
Here is the code in case anybody else would find it useful:
--Jesse Barnum, President, 360Works
http://www.360works.com
(770) 234-9293
package com.prosc.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
/**
* This class will set the cookie maxAge to match the session timeout
value. That way, a user who closes their browser and
* re-enters the site will still have the same session if it has not
timed out on the server.
*/
public class SessionCookieExtender implements Filter {
private static final String JSESSIONID = "JSESSIONID";
public void init( FilterConfig config ) throws ServletException {}
public void doFilter( ServletRequest _request, ServletResponse
_response, FilterChain chain ) throws IOException, ServletException {
if( _response instanceof HttpServletResponse ) {
HttpServletRequest httpRequest = (HttpServletRequest)_request;
HttpServletResponse httpResponse = (HttpServletResponse)_response;
HttpSession session = httpRequest.getSession();
if( session != null && session.getId() != null ) {
Cookie sessionCookie = new Cookie( JSESSIONID, session.getId() );
int sessionTimeoutSeconds = session.getMaxInactiveInterval();
sessionCookie.setMaxAge( sessionTimeoutSeconds );
sessionCookie.setPath( httpRequest.getContextPath() );
httpResponse.addCookie( sessionCookie ); //FIX! This doesn't
actually get rid of the other cookie, but it seems to work OK
}
}
chain.doFilter( _request, _response );
}
public void destroy() {}
}
On Jun 29, 2007, at 2:50 PM, Eric Berry wrote:
> You will probably have to write a valve for this. I had to write one
> to set the session cookie's domain so that it's a site wide domain.
>
> I posted the code to this mailing list a while back. If you do a
> search you should be able to find it, if not let me know I'll see if I
> can get a hold of it.
>
> Eric
>
> On 6/29/07, Christopher Schultz <ch...@christopherschultz.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> All,
>>
>> Jesse Barnum wrote:
>> > Well, you can set the max age on a cookie to something > 0,
>> which means
>> > that it will persist for that amount of time, even if the user's
>> browser
>> > window is closed. I'm just trying to figure out if there is a
>> way to
>> > tell Tomcat to set that property on the cookies that it creates
>> to store
>> > the session ID's.
>>
>> You may have to do it manually (that is, grab the Cookie object
>> from the
>> response and force the maxage).
>>
>> On the other hand, the user's session is going to time out within
>> that
>> 48 hours, so what's the point of maintaining the JSESSIONID cookie
>> past
>> the browser-session?
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.7 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFGhUcu9CaO5/Lv0PARAjzeAJ9PAkO2n4InRn9s9KaoCTlZ6gogowCgipM2
>> VibFQ3g7DvtU4ajdOcsOa94=
>> =Jdtn
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
> --
> Learn from the past. Live in the present. Plan for the future.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
Posted by Jesse Barnum <js...@360works.com>.
I'm modifying the response by appending a session cookie whose maxAge
has been configured to a positive value. I'm writing it as a Filter
because 1) Eric suggested that (well, he suggested a Valve, but from
my limited understanding, it seems like a Filter does the same thing
and is not specific to Tomcat) and 2) it seems like this will make it
easy to to use with any other servlet app that I want.
--Jesse Barnum, President, 360Works
http://www.360works.com
(770) 234-9293
On Jun 29, 2007, at 7:32 PM, Martin Gainty wrote:
> Curious as to why you're writing a Filter
> Are you modifying Request Headers or the Request itself?
> Thx,
> M--
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
Posted by Martin Gainty <mg...@hotmail.com>.
Curious as to why you're writing a Filter
Are you modifying Request Headers or the Request itself?
Thx,
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: "Jesse Barnum" <js...@360works.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Friday, June 29, 2007 7:05 PM
Subject: [SOLVED] Re: How do I set maxage on the JSESSIONID cookie?
> Eric, that worked - your code was very helpful, thanks. I wound up
> doing it as a Filter instead of a Valve, so that it would not be tied
> to Tomcat.
>
> Here is the code in case anybody else would find it useful:
>
> --Jesse Barnum, President, 360Works
> http://www.360works.com
> (770) 234-9293
>
>
>
> package com.prosc.servlet;
>
> import javax.servlet.*;
> import javax.servlet.http.*;
> import java.io.IOException;
>
> /**
> * This class will set the cookie maxAge to match the session timeout
> value. That way, a user who closes their browser and
> * re-enters the site will still have the same session if it has not
> timed out on the server.
> */
> public class SessionCookieExtender implements Filter {
> private static final String JSESSIONID = "JSESSIONID";
>
> public void init( FilterConfig config ) throws ServletException {}
>
> public void doFilter( ServletRequest _request, ServletResponse
> _response, FilterChain chain ) throws IOException, ServletException {
> if( _response instanceof HttpServletResponse ) {
> HttpServletRequest httpRequest = (HttpServletRequest)_request;
> HttpServletResponse httpResponse = (HttpServletResponse)_response;
>
> HttpSession session = httpRequest.getSession();
> if( session != null && session.getId() != null ) {
> Cookie sessionCookie = new Cookie( JSESSIONID, session.getId() );
> int sessionTimeoutSeconds = session.getMaxInactiveInterval();
> sessionCookie.setMaxAge( sessionTimeoutSeconds );
> sessionCookie.setPath( httpRequest.getContextPath() );
> httpResponse.addCookie( sessionCookie ); //FIX! This doesn't
> actually get rid of the other cookie, but it seems to work OK
> }
> }
> chain.doFilter( _request, _response );
> }
>
> public void destroy() {}
> }
>
>
>
> On Jun 29, 2007, at 2:50 PM, Eric Berry wrote:
>
>> You will probably have to write a valve for this. I had to write one
>> to set the session cookie's domain so that it's a site wide domain.
>>
>> I posted the code to this mailing list a while back. If you do a
>> search you should be able to find it, if not let me know I'll see if I
>> can get a hold of it.
>>
>> Eric
>>
>> On 6/29/07, Christopher Schultz <ch...@christopherschultz.net> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> All,
>>>
>>> Jesse Barnum wrote:
>>> > Well, you can set the max age on a cookie to something > 0,
>>> which means
>>> > that it will persist for that amount of time, even if the user's
>>> browser
>>> > window is closed. I'm just trying to figure out if there is a
>>> way to
>>> > tell Tomcat to set that property on the cookies that it creates
>>> to store
>>> > the session ID's.
>>>
>>> You may have to do it manually (that is, grab the Cookie object
>>> from the
>>> response and force the maxage).
>>>
>>> On the other hand, the user's session is going to time out within
>>> that
>>> 48 hours, so what's the point of maintaining the JSESSIONID cookie
>>> past
>>> the browser-session?
>>>
>>> - -chris
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.7 (MingW32)
>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>>
>>> iD8DBQFGhUcu9CaO5/Lv0PARAjzeAJ9PAkO2n4InRn9s9KaoCTlZ6gogowCgipM2
>>> VibFQ3g7DvtU4ajdOcsOa94=
>>> =Jdtn
>>> -----END PGP SIGNATURE-----
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>>
>> --
>> Learn from the past. Live in the present. Plan for the future.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org