You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dave Roberts <da...@hotmail.com> on 2006/11/14 00:12:14 UTC
Cookie expiry date...
Hello,
After an absurd amount of searching about, I have not been able to find a
single reference on how to ensure that the cookies set by Tomcat expire 3
months after they're created (they currently expire sometime in 2019).
I am aware of the session time out that can be set in web.xml...
<session-config>
<session-timeout>129600</session-timeout>
</session-config>
...but this does not help.
Any ideas?
Thanks,
Dave
_________________________________________________________________
Stay in touch with old friends and meet new ones with Windows Live Spaces
http://clk.atdmt.com/MSN/go/msnnkwsp0070000001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Cookie expiry date...
Posted by Dave Roberts <da...@hotmail.com>.
Thanks for the reply.
I am unable to tell where the cookie is coming from, so instead I have
created a filter (declared in web.xml).
Inside the filter I get all the cookies in the incoming HttpServletRequest
object and where the getMaxAge() returns -1, I set it to 129600 (then call
addCookie on the HttpServletResponse object). However, when I look at the
expiry date in the browser, it's still in 2019.
I've included the filter code below.
Thanks,
Dave
public void doFilter(ServletRequest req, ServletResponse res, FilterChain
chain) throws IOException, ServletException
{
check();
m_Logger.debug("Calling doFilter on the CookieExpiryFilter");
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
Cookie[] lclC = request.getCookies();
for (int i = 0; i < lclC.length; i++)
{
m_Logger.debug("Found a cookie named " + lclC[i].getName() + " with
a maximum age of " + lclC[i].getMaxAge());
if (lclC[i].getMaxAge() == -1)
{
if (fc.getInitParameter("Max-Age") != null)
{
try
{
int lclMaxAge =
Integer.parseInt(fc.getInitParameter("Max-Age"));
m_Logger.debug("Setting cookie " + lclC[i].getName() + "
to have an age of " + lclMaxAge);
lclC[i].setMaxAge(lclMaxAge);
response.addCookie(lclC[i]);
}
catch (NumberFormatException e)
{
m_Logger.error("Cookie age is not a number (check
web.xml)", e);
}
}
}
}
chain.doFilter(req, res);
m_Logger.debug("Completed doFilter on the CookieExpiryFilter");
}
>From: "David Rees" <dr...@gmail.com>
>Reply-To: "Tomcat Users List" <us...@tomcat.apache.org>
>To: "Tomcat Users List" <us...@tomcat.apache.org>
>Subject: Re: Cookie expiry date...
>Date: Mon, 13 Nov 2006 15:44:57 -0800
>
>On 11/13/06, Dave Roberts <da...@hotmail.com> wrote:
>>After an absurd amount of searching about, I have not been able to find a
>>single reference on how to ensure that the cookies set by Tomcat expire 3
>>months after they're created (they currently expire sometime in 2019).
>
>What cookies are you talking about? Session cookies or cookies
>explicitly set by the application?
>
>>I am aware of the session time out that can be set in web.xml...
>>
>><session-config>
>><session-timeout>129600</session-timeout>
>></session-config>
>
>These control the life of sessions on the server, which means that the
>longest it will keep track of an inactive session cookie is 129600
>seconds. If the session remains active, it will keep the session alive
>indefinitely. These session cookies will also disappear if the client
>closes their browser.
>
>>...but this does not help.
>
>Which implies that you may be talking about application created cookies?
>
>-Dave
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
_________________________________________________________________
Try the next generation of search with Windows Live Search today!
http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&source=hmtagline
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Cookie expiry date...
Posted by David Rees <dr...@gmail.com>.
On 11/13/06, Dave Roberts <da...@hotmail.com> wrote:
> After an absurd amount of searching about, I have not been able to find a
> single reference on how to ensure that the cookies set by Tomcat expire 3
> months after they're created (they currently expire sometime in 2019).
What cookies are you talking about? Session cookies or cookies
explicitly set by the application?
> I am aware of the session time out that can be set in web.xml...
>
> <session-config>
> <session-timeout>129600</session-timeout>
> </session-config>
These control the life of sessions on the server, which means that the
longest it will keep track of an inactive session cookie is 129600
seconds. If the session remains active, it will keep the session alive
indefinitely. These session cookies will also disappear if the client
closes their browser.
> ...but this does not help.
Which implies that you may be talking about application created cookies?
-Dave
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org