| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Resin 3.1 Documentation Examples Changes Overview Installation Configuration Quercus SOA/IoC JSP Servlets and Filters Admin (JMX) EJB Amber Security Performance Hessian XML and XSLT Third-party Troubleshooting/FAQ tags Common Tasks Relax Schema howto Config FAQ Scrapbook DB Scrapbook env tags <resin> <cluster> <server> port tags <host> <web-app> <database> session tags rewrite tags service tags log el variables el control |
<cookie-domain> child of session-config <cookie-comaind> configures the host domain to use for sessions, i.e. value of the Domain cookie attributes. By default, browsers only send cookies back to the exact host
which sent them. In some virtual host cases, it makes sense to share
the same cookie value for multiple virtual hosts in the same domain.
For example, <resin xmlns="http://caucho.com/ns/resin"> <cluster id="app-tier"> <host id="caucho.com"> <host-alias>gryffindor.caucho.com</host-alias> <host-alias>slytherin.caucho.com</host-alias> <web-app-default> <session-config cookie-domain="caucho.com"/> </web-app-default> </host> </cluster> </resin> <cookie-length> child of session-config <cookie-length> sets the length of the generated cookie value. In some rare cases, the cookie-length might need to be shortened or the cookie-length might be extended to add randomness to the cookie value. For the most part, this value should be left alone. default 14<cookie-max-age> child of session-config <cookie-max-age> sets how long the browser should keep the session cookie. By default, browsers keep cookies as long as they are open. When the browser is restarted, the cookies are dropped. cookie-max-age tells the browser to keep the cookie for a certain time period. Applications can make this time "infinite" by setting a large number. <cookie-version> <cookie-version> sets the version of the cookie spec for sessions. default 1.0<ignore-serialization-errors> child of session-config <ignore-serialization-errors> is used with persistent sessions
in certain rare cases where some session data is serializable and other
data is not serializable. <ignore-serialization-errors> simply
skips session values which do not implement <session-config> Session configuration parameters.
Resin adds a number of tags.
By default, both <web-app id='/'> <session-config enable-cookies='false' enable-url-rewriting='true'/> </web-app> The <web-app id='/dir'> <session-config> <!-- 2 hour timeout --> <session-timeout>120</session-timeout> <session-max>4096</session-max> </session-config> </web-app> is used to limit the maximum length for the session's generated cookie for special situations like WAP devices. Reducing this value reduces the randomness in the cookie and increases the chance of session collisions. defaults to true so that Resin can share the session id amongst different web-apps. The class that corresponds to <session-config> is com.caucho.server.session.SessionManager <session-max> child of session-config <session-max> sets the maximum number of sessions stored in memory for a particular <web-app>. The total number of persisted sessions may be larger. default 4096<save-mode> child of session-config <save-mode> configures when Resin should save a persistence session during a request. The values are:
In some situations, like redirects, a fast browser can send a request back to Resin before the session is persisted with the sticky sessions, the load balancer might send the request to a different server, which may not get the updated session. In the situation, either the save-mode should be changed to or sticky sessions should be enabled. save-mode. If the server is configured withoutIf the save-mode is default after-request , the application should take care to make any session changes before sending data to the browser.<session-timeout> child of session-config <session-timeout> sets how long a <web-app> should keep an idle session before invalidating it. The value is specified in minutes. default 30min
|