Edmund Lian wrote:
> Under what circumstances does Webware generate a new session ID? For
> example, if I clear out the session store, will the session ID be
> regenerated?
Clearing out the session shouldn't cause the session ID to be regenerated (I
think).
I think if your servlets don't actually use sessions, they won't cause a
session ID to be generated. But all of my servlets use sessions so I can't
say for sure :-)
>
> I don't quite understand what's going on. I see that Webware
> generates a
> session ID in ~/Sessions. But when does it decide to do so?
> When I first
> hit the site, no session ID is generated. But if I switch to
> one context,
> an ID is generated. Moving from one context to another
> sometimes generates
> a new session, sometimes not. It must be my code that's
> causing this, but I
> never at anytime invalidate a session, but I do sometimes
> clear all session
> variables.
I think that contexts are supposed to share a single session, so you
wouldn't expect switching contexts to result in a new session ID. But I
might be mistaken.
>
> When looking at the cookie using Mozilla's cookie management
> tool, I see
> that the session ID cookie expires "at end of session", so
> perhaps this is
> the problem? Shouldn't the cookie's expiration date always be
> 60 minutes
> into the future (if SessionTimeout is set to 60 minutes)?
No, the idea is that as soon as you close the browser, the session expires.
Think of it as a security feature to prevent another user from using your
session.
- Geoff
|