To be RESTful, each HTTP request should carry enough information by itself for its recipient to process it to be in complete harmony with the stateless nature of HTTP. Okay, I get that HTTP authentication is done automatically on every message – but how? Yes, the username and password is sent with every request. The … Read more
I would think you’ll want to think about if things really belong in a session state. This is something I find myself doing every now and then and it’s a nice strongly typed approach to the whole thing but you should be careful when putting things in the session context. Not everything should be there … Read more
Session timeout is a notion that has to be implemented in code if you want strict guarantees; that’s the only way you can be absolutely certain that no session ever will survive after X minutes of inactivity. If relaxing this requirement a little is acceptable and you are fine with placing a lower bound instead … Read more
Are you using Forms authentication? Forms authentication uses it own value for timeout (30 min. by default). A forms authentication timeout will send the user to the login page with the session still active. This may look like the behavior your app gives when session times out making it easy to confuse one with the … Read more
Briefly: Always use transactions Don’t use Close(), instead wrap your calls on an ISession inside a using statement or manage the lifecycle of your ISession somewhere else. From the documentation: From time to time the ISession will execute the SQL statements needed to synchronize the ADO.NET connection’s state with the state of objects held in … Read more
I know this topic is old, but this issue keeps coming up and has not been addressed to my satisfaction: Whether you save objects in $_SESSION, or reconstruct them whole cloth based on data stashed in hidden form fields, or re-query them from the DB each time, you are using state. HTTP is stateless (more … Read more
If you want to set the timeout to 20 minutes, use something like this: <configuration> <system.web> <sessionState timeout=”20″></sessionState> </system.web> </configuration>
So it seems that there is no way to reattach a stale detached entity in JPA. merge() will push the stale state to the DB, and overwrite any intervening updates. refresh() cannot be called on a detached entity. lock() cannot be called on a detached entity, and even if it could, and it did reattach … Read more
This can be caused by having Chrome set to Continue where you left off. Further reading Bug report: Chrome is not deleting temporary cookies – i.e. not logging me out automatically when I close all browser Windows Issue 128513 in Chromium: Session Cookies not cleared when Chrome processes closed Issue 128567: Session only cookies don’t … Read more
The concept is storing persistent data across page loads for a web visitor. Cookies store it directly on the client. Sessions use a cookie as a key of sorts, to associate with the data that is stored on the server side. It is preferred to use sessions because the actual values are hidden from the … Read more