Konstantin Kolinko wrote:
...
1) Updating it with every response sounds lame.
2) max-age value should be consistent between all web applications
that might share the session cookie.
Otherwise there will be inconsistencies and breakages.
Are you not confusing "max-age" with "last access" ?
The expiration of a cookie (like the expiration of a session), in my view should be
calculated on the base of :
last access + max-age, compared to "now"
And then, there is the question of whether "last access" should be updated when the
request is received, or when the response is sent.
(Apparently the Servlet Spec has things to say on the matter, and some recently added
Tomcat properties also).
There was another thread recently debating similar issues, in the context of long file
upload requests.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
