As of Servlet 3.0, this can simply be specified in the web.xml: <session-config> <session-timeout>720</session-timeout> <!– 720 minutes = 12 hours –> <cookie-config> <max-age>43200</max-age> <!– 43200 seconds = 12 hours –> </cookie-config> </session-config> Note that session-timeout is measured in minutes but max-age is measured in seconds.
Rails has “tamper-proof” session cookies. To prevent session hash tampering, a digest is calculated from the session with a server-side secret and inserted into the end of the cookie. Just make sure you have a long secret. If you want to periodically reset all user sessions change your secret. To answer your question, if you … Read more
connect-mongo (https://github.com/kcbanner/connect-mongo) looks better then others. express-session-mongo and connect-session-mongo are very old and based on old version of mongodb driver. session-mongoose based on mongoose, that slower than mongodb driver. I think connect-mongo is the best choose.
The session cookie is per-process not per window. So even if you selected New Window you’d still get the same session id. This behavior makes sense. You wouldn’t want a user to re-sign in each time they opened a new window while browsing your site. I’m not aware off hand of any real way around … Read more
The solution would be to set SESSION_COOKIE_DOMAIN = ‘.example.com’ and rename the session cookie name, e.g. SESSION_COOKIE_NAME = ‘examplesessionid’ on the Django instance that is driving the two subdomains. The two sites will use the renamed cookie with a global scope and not interfere with the other Django instances, using the default ‘sessionid’ cookie on … Read more
Your problem is that the hibernate Session lives only for one request. It opens in the start of the request and closes at the end. You guessed the answer: Hibernate session is closed before both requests are finished. Exactly what is happening? Your entity objects live during both requests. How? They are stored in the … Read more
Session state is kept entirely server-side, no matter which storage method you use (in-memory, session state server or database). So unless your server is hacked, Session variables are safe. And in case your server does get hacked, the hacker would only have access to the data in his own session, unless he finds a way … Read more