Database Reference
In-Depth Information
After you create
context.xml
and restart Tomcat, invoke the
sess_track.jsp
or
sess_track2.jsp
scripts a few times to initiate a session. Each should behave the same as
before you reconfigured Tomcat, but now session information will be stored in MySQL.
After a period of inactivity equal to the
<Manager>
element
maxIdleBackup
attribute
value, you should see a session record appear in the
tomcat_session
table. If you watch
the MySQL query log, you should also see sessions being saved to MySQL when you
stop Tomcat.
Session expiration in Tomcat
Sessions persist for 30 minutes by default. To provide an explicit duration for a session
manager, add a
maxInactiveInterval
attribute (in seconds) to your
<Manager>
ele‐
ment. To provide a duration specific to a particular application context, add a
<session-
config>
element to the application's
WEB-INF/web.xml
file, specifying a timeout in
minutes. For example, to use a value of 60 minutes:
<session-config>
<session-timeout>
60
</session-timeout>
</session-config>
If you modify either the file containing the
<Manager>
element or the
web.xml
file, restart
Tomcat.
Session tracking in Tomcat
Although your JSP pages need do nothing to have Tomcat set up sessions or to use JDBC
for session storage, they may need to take a small step to make sure that sessions move
from request to request properly. This is necessary if you generate pages that contain
hyperlinks to other pages that participate in the same session.
Tomcat generates a session identifier and tracks the session using cookies if it receives
a cookie from the client that contains the session ID. If the client has cookies disabled,
Tomcat tracks the session by rewriting URLs to include the session ID. You need not
determine which method Tomcat is using, but you must ensure proper propagation of
the session ID in case it is being passed by URL rewriting. When you create a page that
includes a link to another page that is part of the session, do not list the path to the page
like this:
To go to the next page,
<a
href=
"nextpage.jsp"
>
click here
</a>
.
That link doesn't contain the session ID. If Tomcat is tracking the session using URL
rewriting, the ID is lost when the user selects the link. Instead, pass the link to
enco
deURL()
to enable Tomcat to add the session ID to the URL as necessary:
To go to the next page,
<a
href=
"
<%=
response
.
encodeURL
(
"nextpage.jsp"
)
%>
"
>
click here
</a>
.
