• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session timeout problem

 
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi ,
In session invalidation, the timeout period for that session can be specified in seconds using the setMaximumInactiveInterval() method.
And even in the deployment descriptor, using the <session-timeout> tag, timeout for all sessions in the application can be specified in minutes.
My question is, if both are specified for a session, then which one takes precedence?
Thanks for the help.
-Ali
 
Ranch Hand
Posts: 445
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Dont know for sure but i tink it's the setMaximumInactiveInterval() method which takes precedence if both time outs r specified.Correct me if i am wrong.
 
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Session.setMaxInactiveInterval() will work for that particular Session object.
remember, <session-timeout> is for all the sessions in your web-app.
So if you have this:
<session-timeout>=5
and you call session1.setMaxInactiveInterval(360), then session1 will have timeout 6 minutes, but all the other sessions will have time-out 5 minutes.
 
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Also note that there is a small inconsistancy between the Servlet DTD and API.
A 0 (Zero) or -ve value for <session-timeout> would make the sessions not to expire. On the other hand, if we use HttpSession.setMaxInactiveInterval( int secs) method, only -ve values will make that session not to expire.
From Servlet 2.3 DTD,
--------------------
<!--
The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.
Used in: session-config
-->
From Servlet API
-----------------
public void setMaxInactiveInterval(int interval)Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

I wanted to check this with Tomcat and found that when I set <session-timeout>0</session-timeout> in web.xml, the session does get invalidated immediately after it's creation. (which is against the servlet 2.3 DTD )
Regards,
Maha Anna
[ November 30, 2002: Message edited by: Maha Annadurai ]
 
reply
    Bookmark Topic Watch Topic
  • New Topic