Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session timeout problem

 
aliasger talib
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi ,
In session invalidation, the timeout period for that session can be specified in seconds using the setMaximumInactiveInterval() method.
And even in the deployment descriptor, using the <session-timeout> tag, timeout for all sessions in the application can be specified in minutes.
My question is, if both are specified for a session, then which one takes precedence?
Thanks for the help.
-Ali
 
Vedhas Pitkar
Ranch Hand
Posts: 445
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Dont know for sure but i tink it's the setMaximumInactiveInterval() method which takes precedence if both time outs r specified.Correct me if i am wrong.
 
Kyle Tang
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Session.setMaxInactiveInterval() will work for that particular Session object.
remember, <session-timeout> is for all the sessions in your web-app.
So if you have this:
<session-timeout>=5
and you call session1.setMaxInactiveInterval(360), then session1 will have timeout 6 minutes, but all the other sessions will have time-out 5 minutes.
 
Maha Annadurai
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also note that there is a small inconsistancy between the Servlet DTD and API.
A 0 (Zero) or -ve value for <session-timeout> would make the sessions not to expire. On the other hand, if we use HttpSession.setMaxInactiveInterval( int secs) method, only -ve values will make that session not to expire.
From Servlet 2.3 DTD,
--------------------
<!--
The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.
Used in: session-config
-->
From Servlet API
-----------------
public void setMaxInactiveInterval(int interval)Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

I wanted to check this with Tomcat and found that when I set <session-timeout>0</session-timeout> in web.xml, the session does get invalidated immediately after it's creation. (which is against the servlet 2.3 DTD )
Regards,
Maha Anna
[ November 30, 2002: Message edited by: Maha Annadurai ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic