Re: Session cookie max age

2011-07-15 Thread Christopher Schultz
Konstantin, On 7/14/2011 10:53 AM, Christopher Schultz wrote: > On 7/14/2011 10:40 AM, Konstantin Kolinko wrote: >> >> I cannot say without reading the letter of the spec. > > I'll take a look. Servlet 3.0 section 14.4.10 is the only place I can se

Re: Session cookie max age

2011-07-14 Thread Pid
On 14/07/2011 15:54, André Warnier wrote: > Konstantin Kolinko wrote: > ... >> >> 1) Updating it with every response sounds lame. >> >> 2) max-age value should be consistent between all web applications >> that might share the session cookie. >> Otherwise there will be inconsistencies and breakages

Re: Session cookie max age

2011-07-14 Thread André Warnier
Konstantin Kolinko wrote: ... 1) Updating it with every response sounds lame. 2) max-age value should be consistent between all web applications that might share the session cookie. Otherwise there will be inconsistencies and breakages. Are you not confusing "max-age" with "last access" ? Th

Re: Session cookie max age

2011-07-14 Thread Christopher Schultz
Konstantin, On 7/14/2011 10:40 AM, Konstantin Kolinko wrote: > 2011/7/14 Christopher Schultz : >> >> Konstantin, >> >> On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: >>> AFAIK, 1) Tomcat won't send Set-Cookie when session id is >>> already known (e

Re: Session cookie max age

2011-07-14 Thread Pid
On 14/07/2011 15:27, Christopher Schultz wrote: > Konstantin, > > On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: >> AFAIK, 1) Tomcat won't send Set-Cookie when session id is already >> known (either from this webapp or from webapp on its parent path >> such as ROOT). > > That would sound like a

Re: Session cookie max age

2011-07-14 Thread Konstantin Kolinko
2011/7/14 Christopher Schultz : > > Konstantin, > > On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: >> AFAIK, 1) Tomcat won't send Set-Cookie when session id is already >> known (either from this webapp or from webapp on its parent path >> such as ROOT). > > That would sound like a bug. If the ses

Re: Session cookie max age

2011-07-14 Thread Christopher Schultz
Konstantin, On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: > AFAIK, 1) Tomcat won't send Set-Cookie when session id is already > known (either from this webapp or from webapp on its parent path > such as ROOT). That would sound like a bug. If the s

RE: Session cookie max age

2011-07-14 Thread Josh Simmons
e max age isn't updated to reflect the current state of the session. -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, July 13, 2011 8:55 PM To: Tomcat Users List Subject: Re: Session cookie max age 2011/7/14 Josh Simmons : > Our web.x

Re: Session cookie max age

2011-07-13 Thread Konstantin Kolinko
2011/7/14 Josh Simmons : > Our web.xml file minus listeners and servlet config.  I also removed some > taglib definitions. > > > >    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" >    "http://java.sun.com/dtd/web-app_2_3.dtd";> Eh... remove the above. It isn't servlet 2.3 we

RE: Session cookie max age

2011-07-13 Thread Josh Simmons
ednesday, July 13, 2011 5:43 PM To: Tomcat Users List Subject: Re: Session cookie max age Josh, On 7/13/2011 5:15 PM, Josh Simmons wrote: > I was afraid I wasn't being specific enough - sorry. > > 180 > 10800 > Can you

Re: Session cookie max age

2011-07-13 Thread Christopher Schultz
Josh, On 7/13/2011 5:15 PM, Josh Simmons wrote: > I was afraid I wasn't being specific enough - sorry. > > 180 > 10800 > Can you post your entire web.xml? You can remove all the servlet, listener, and security constraint stuff. > We do not

RE: Session cookie max age

2011-07-13 Thread Josh Simmons
st Subject: Re: Session cookie max age Josh, On 7/13/2011 2:14 PM, Josh Simmons wrote: > We tried to set the cookie max age to 3 hours, the exact same time as > our session timeout. So, this is a non-session cookie? > However, I was extre

Re: Session cookie max age

2011-07-13 Thread Christopher Schultz
Josh, On 7/13/2011 2:14 PM, Josh Simmons wrote: > We tried to set the cookie max age to 3 hours, the exact same time as > our session timeout. So, this is a non-session cookie? > However, I was extremely surprised that the session cookie didn't > ge