Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session:JWeb+

 
Vikrama Sanjeeva
Ranch Hand
Posts: 760
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Question ID :996258797686
In which of the following situations a session will definitely be invalidated?
ANS:2nd & 3rd options.(not mentioning here...)
However its 4th option is wrong which is.....

if the session time out is set to 0, the session will never be invalidated automatically.

In explanation of this 4th option JWebPlus says..

The value is -1 & not 0!

But when i refer to specification, i got the following...

The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes.If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out.

What to do?.Am i missing some thing??
Bye.
Viki.
 
Paul Anilprem
Enthuware Software Support
Ranch Hand
Posts: 3760
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SRV 7.5 (Last line):
By definition, if the timeout period for a session is set to -1, the session will never expire.
 
Paul Anilprem
Enthuware Software Support
Ranch Hand
Posts: 3760
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, looks like there is an inconsistancy in the spec. itself. In SRV 13.3, in the description of <session-timeout>, it says, "If the timeout is 0 or less...".

I think, "0 or less" applies to web.xml, while "-1" applies to the setMaxInactiveInterval() method.
 
Madhav Lakkapragada
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul:
I couldn't agree with you more. Please see our previous discussion on the subject, we do have an example.
regds.
- satya
 
Scott Ramsey
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As I understand it, there are two issues here.
1. Setting the <session-timeout> element in web.xml to zero or less means that the default for ALL sessions in the web app is to never expire.
2. Programmatically calling HttpSession.setMaxInactiveInterval() with any negative integer will set this SPECIFIC session to never expire. (Previous thread's testing seems to show that making this call with zero as the integer time's out the session as soon as it is created.)
Not an inconsistency, just a difference in scope.
[ February 28, 2002: Message edited by: Scott Ramsey ]
 
Madhav Lakkapragada
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not an inconsistency, just a difference in scope
While, the difference in scope (one servlet verses all servlets) is agreed, you need to note the inconsistency in the use of a session-timeout value of "0" zero.
When used in the web-app, the session will never invalidate. On the other hand when used in the setMaxInactivveInterval(0) method, it invalidates the session immediately (well, almost).
Hope you see the inconsistency.
regds.
- satya
 
Scott Ramsey
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Agreed. Hastily worded reply is my error.
I was trying to address the confusion between the web.xml element's effects and that of the method call on the session itself.
But, regardless of scope, it sure would have made our lives a little bit easier if the rule was just to always use a negative integer, etc.
Hey, perhaps we can see this as increased job security!
 
Madhav Lakkapragada
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
increased job security
okay, now that is a sensitive issue, don't even drag me into that..... :roll:
- satya........end of transmission on this issue!!!
 
Vikrama Sanjeeva
Ranch Hand
Posts: 760
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

When used in the web-app, the session will never invalidate. On the other hand when used in the setMaxInactivveInterval(0) method, it invalidates the session immediately (well, almost).


Thats the difference..
Bye.
Viki.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic