Setting permenanet cookies using WebSphere Application Server

By default the value of Cookie Maximum age is set to Current browser session, so what that means is that the HttpSession is maintained in the browsers memory and stays there till the users browser is open. And when user browser is closed the HTTPSession information is lost, so if user browser is closed or crashed for some reason, if he opens a new browser his HTTP Session information will be lost and user will have to login again.

You might have a business requirement, where you might want to maintain users session across multiple browser session. Ex. you might want to remember user for next 10 days. In that case you can Check the Set Maximum age radio button and set maximum age to say 864000 seconds.

After you made that change when user logs in you can generate his HTTPSession object and when the JSESSIONID cookie is sent it will look like this. Did you see the Expiration time is set to after 10 days.

Now close your browser and restart new instance, if you go to show cookies you will notice that the JSESSIONID generated for user is still there. Now if user makes any request to localhost before the cookie is expired then browser will include this cookie in the request and on the server side you can use the JSESSIONID to identify the user and let him resume his work

No comments: