Session Cookies

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Session Cookies

Wolfi-2
What exactly is the definition of a Session Cookie?

Does it get trashed after its tab, the window containing the tab or the whole
browser session ends?

Wolfi
_______________________________________________
Mozilla-os2 mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-os2
Reply | Threaded
Open this post in threaded view
|

Re: Session Cookies

Lewis Rosenthal
On 12/16/2005 12:10 pm, Wolfi thus wrote :
> What exactly is the definition of a Session Cookie?
>
> Does it get trashed after its tab, the window containing the tab or the whole
> browser session ends?
>
> Wolfi
Typically, a session cookie is good for that logged-in (to the web
server) session only, after which the cookie is invalid. For a site
which requires authentication, this means that the cookie is good while
the client is authenticated (logged in). For a site which does not
require authentication, then as long as the client is available for
connection (and the server's timeout period has not expired - set on a
per-server basis, at the whim of the webmaster) the cookie will survive.

Now, to more appropriately address what I believe you're asking, on the
client side, for non-authenticated session cookies, the cookie survives
for the duration of the browser session. So, if I open up a dozen tabs
in SeaMonkey, and connect to a server in tab 10 which sets a session
cookie (with or without authentication), and I subsequently close that
tab (by accident, as I often do), I can simply reopen the closed tab and
resume my session. The server is unaware that my local "tab session" has
been interrupted. If I close the browser, but leave MailNews running, I
can re-open the browser, and go right back as though nothing has
happened. However, if I close all SeaMonkey apps, my session cookie is
destroyed, and I will need to obtain another one from the originating site.

Somewhere in that excessively verbose mess, did I happen to give you the
answer you were seeking, Wolfi? I hope so! ;-)

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
   New York / Northern Virginia           www.2rosenthals.com
eComStation Consultants                  www.ecomstation.com
Novell Users International        www.novell.com/linux/truth
Need a managed Wi-Fi hotspot?               www.hautspot.com
------------------------------------------------------------
_______________________________________________
Mozilla-os2 mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-os2
Reply | Threaded
Open this post in threaded view
|

Re: Session Cookies

Wolfi-2
Lewis Rosenthal wrote:

> On 12/16/2005 12:10 pm, Wolfi thus wrote :
>> What exactly is the definition of a Session Cookie?
>>
>> Does it get trashed after its tab, the window containing the tab or
>> the whole
>> browser session ends?
>>
>> Wolfi
> Typically, a session cookie is good for that logged-in (to the web
> server) session only, after which the cookie is invalid. For a site
> which requires authentication, this means that the cookie is good while
> the client is authenticated (logged in). For a site which does not
> require authentication, then as long as the client is available for
> connection (and the server's timeout period has not expired - set on a
> per-server basis, at the whim of the webmaster) the cookie will survive.
>
> Now, to more appropriately address what I believe you're asking, on the
> client side, for non-authenticated session cookies, the cookie survives
> for the duration of the browser session. So, if I open up a dozen tabs
> in SeaMonkey, and connect to a server in tab 10 which sets a session
> cookie (with or without authentication), and I subsequently close that
> tab (by accident, as I often do), I can simply reopen the closed tab and
> resume my session. The server is unaware that my local "tab session" has
> been interrupted. If I close the browser, but leave MailNews running, I
> can re-open the browser, and go right back as though nothing has
> happened. However, if I close all SeaMonkey apps, my session cookie is
> destroyed, and I will need to obtain another one from the originating site.
>
> Somewhere in that excessively verbose mess, did I happen to give you the
> answer you were seeking, Wolfi? I hope so! ;-)
>

Yes, you did :-)

I expected session cookies to be destroyed by the browser, once a tab or at the
latest, its parent window has been closed as well, but ran in exactly that kind
of scenarios, you just described.

Being logged in somewhere through a web frontend and then f.e. wanting to change
identities or for some reason just to repeat the login sequence, I usually also
end up right where I had had left shortly before, rather than having a fresh
start from the very beginning.

So I started to try to hunt down all possibly involved cookies for that connection,
currently present in my browser, to manually -very tedious and error prone- delete
them and hopefully not missing the most important ones for a new try. But that's
really no fun at all.

Well, maybe at some time in the future, someone will see the need for an additional
option for managing cookies, like "destroy all Cookies for that tab session" or
something like that.

Wolfi
_______________________________________________
Mozilla-os2 mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-os2
Reply | Threaded
Open this post in threaded view
|

Re: Session Cookies

Lewis Rosenthal
On 12/17/2005 12:02 pm, Wolfi thus wrote :
> Lewis Rosenthal wrote:
>> On 12/16/2005 12:10 pm, Wolfi thus wrote :
>>> What exactly is the definition of a Session Cookie?
>>>

<snip>

>> Somewhere in that excessively verbose mess, did I happen to give you the
>> answer you were seeking, Wolfi? I hope so! ;-)
>>
>
> Yes, you did :-)
>
;-)

<snip>

> Being logged in somewhere through a web frontend and then f.e. wanting to change
> identities or for some reason just to repeat the login sequence, I usually also
> end up right where I had had left shortly before, rather than having a fresh
> start from the very beginning.
>
> So I started to try to hunt down all possibly involved cookies for that connection,
> currently present in my browser, to manually -very tedious and error prone- delete
> them and hopefully not missing the most important ones for a new try. But that's
> really no fun at all.
>
> Well, maybe at some time in the future, someone will see the need for an additional
> option for managing cookies, like "destroy all Cookies for that tab session" or
> something like that.
>
This sounds like an excellent RFE for MultiZilla, and I have had need of
something like this for some time, myself. I recommend dropping a note
on the MZ mailing list or in the ng, and see what HJ has to say about it.

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
   New York / Northern Virginia           www.2rosenthals.com
eComStation Consultants                  www.ecomstation.com
Novell Users International        www.novell.com/linux/truth
Need a managed Wi-Fi hotspot?               www.hautspot.com
------------------------------------------------------------
_______________________________________________
Mozilla-os2 mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-os2