• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

Session timeout problem

Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi ,
In session invalidation, the timeout period for that session can be specified in seconds using the setMaximumInactiveInterval() method.
And even in the deployment descriptor, using the <session-timeout> tag, timeout for all sessions in the application can be specified in minutes.
My question is, if both are specified for a session, then which one takes precedence?
Thanks for the help.
Ranch Hand
Posts: 445
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Dont know for sure but i tink it's the setMaximumInactiveInterval() method which takes precedence if both time outs r specified.Correct me if i am wrong.
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Session.setMaxInactiveInterval() will work for that particular Session object.
remember, <session-timeout> is for all the sessions in your web-app.
So if you have this:
and you call session1.setMaxInactiveInterval(360), then session1 will have timeout 6 minutes, but all the other sessions will have time-out 5 minutes.
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also note that there is a small inconsistancy between the Servlet DTD and API.
A 0 (Zero) or -ve value for <session-timeout> would make the sessions not to expire. On the other hand, if we use HttpSession.setMaxInactiveInterval( int secs) method, only -ve values will make that session not to expire.
From Servlet 2.3 DTD,
The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.
Used in: session-config
From Servlet API
public void setMaxInactiveInterval(int interval)Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

I wanted to check this with Tomcat and found that when I set <session-timeout>0</session-timeout> in web.xml, the session does get invalidated immediately after it's creation. (which is against the servlet 2.3 DTD )
Maha Anna
[ November 30, 2002: Message edited by: Maha Annadurai ]
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!