In which of the following situations a session will definitely be invalidated?
ANS:2nd & 3rd options.(not mentioning here...)
However its 4th option is wrong which is.....
if the session time out is set to 0, the session will never be invalidated automatically.
In explanation of this 4th option JWebPlus says..
The value is -1 & not 0!
But when i refer to specification, i got the following...
The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes.If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out.
What to do?.Am i missing some thing??
I couldn't agree with you more. Please see our previous discussion on the subject, we do have an example.
1. Setting the <session-timeout> element in web.xml to zero or less means that the default for ALL sessions in the web app is to never expire.
2. Programmatically calling HttpSession.setMaxInactiveInterval() with any negative integer will set this SPECIFIC session to never expire. (Previous thread's testing seems to show that making this call with zero as the integer time's out the session as soon as it is created.)
Not an inconsistency, just a difference in scope.
[ February 28, 2002: Message edited by: Scott Ramsey ]
While, the difference in scope (one servlet verses all servlets) is agreed, you need to note the inconsistency in the use of a session-timeout value of "0" zero.
When used in the web-app, the session will never invalidate. On the other hand when used in the setMaxInactivveInterval(0) method, it invalidates the session immediately (well, almost).
Hope you see the inconsistency.
I was trying to address the confusion between the web.xml element's effects and that of the method call on the session itself.
But, regardless of scope, it sure would have made our lives a little bit easier if the rule was just to always use a negative integer, etc.
Hey, perhaps we can see this as increased job security!