|
|
|
Smiths |
|
|
Register |
|
|
Login |
|
njet.org
Anvil
Documentation
Configuration
session
session
Session controls how sessions are created and how information about sessions are delivered to the client. The session container used is the first one found when moving from session preference towards the root of configuration. When a session is marked 'required', there must be at least one configured session container.
A session can be carried to the client in three ways:
- URL redirecting
- The session is encoded to be the first part of the URI
(uniform resource indicator), following the host name. Note that
in some servlet enviroments, there might be a servlet path before the session:
servletpath session id pathinfo /servlet/anvil//path/info/index.nvl
This approach has the following benefit: After the session is inserted into the URI using redirection, no other work is needed. It will remain there as long as absolute URLs are not used. It also effectively prevents possible caching by proxies in the middle of a request. The downside is that link-coloring works only during the session; and when the site is linked, the session should be omitted from the link even though invalid sessions create no error: a new session is created silently.
Important: The dollar ($) sign in front of the session id is relevant, so you should avoid using URIs beginning with '$'.
- Cookies
-
The session id is carried in the cookie. This should work as well as URL-redirection. However, different browsers implement cookies differently and may cause problems. Setting the correct lifetime for cookies is also problematic. Proxies might cache the pages in spite of HTTP headers that specify against caching.
- Custom methods
- A session id could be carried, for instance, in the variable from request to request, retrieved with anvil.net.Context.getSession(), and created with anvil.net.Context.createSession().
See the anvil.session package.
| Attributes | ||
|---|---|---|
| name | default | description |
| required |
false
|
Specifies whether sessions are required. |
| autoredirect |
true
|
Controls whether URL auto-redirection should be used when a new session is created. Note that nothing prevents using both cookies and auto-redirection at the same time. By doing so, the cookie acts as a safety net in case the URI doesn't contain the session for some reason. |
| lifetime |
7200
|
Lifetime of the session, in seconds. When the lifetime is exceeded, the session is removed. |
| timeout |
1800
|
Timeout between requests. If no requests have been received for the specified timeout period, the session is removed. |
| cookies |
false
|
Specifies whether or not to use cookies for storing sessions. |
| cookiename |
sessionid
|
Name of the cookie used to carry the session id. The name should be different for each application in order to prevent clashes. |
| cookiepath |
N/A
|
Path in which the cookie is assigned. If no path is specified, the cookie is valid in the path where it was received. |
| cookiedomain |
N/A
|
Domain in which the cookie is assigned. If none is specified, the cookie is valid in the domain where it was received. |
| cookielifetime |
7200
|
Lifetime of the cookie, in seconds. A zero value indicates the cookie should be removed. A negative value will force the cookie to persist as long as the browser is open. |
| cookiesecured |
false
|
Specifies whether the cookie is secured, i.e., sent only over HTTPS connections. |
Example:
session:
required = true
autoredirect = true
lifetime = 10000
timeout = 500
end
|
Contributes notes:
|
Add a note
Anvil