Session and cookie timeouts ...confusing

Hi

Could someone pls carify me the timeout definitions
of the session and cookies?

I
F.ex if session is declared as follows
1) HttpSession.setMaxInactiveInterval(-1)
2) HttpSession.setMaxInactiveInterval(0)
3) HttpSession.setMaxInactiveInterval(10)

II
or if cookie is declared as follows
1) cookie.setMaxAge(-1)
2) cookie.setMaxAge(0)
3) cookie.setMaxAge(10)

III
How long time session and cookie exist in the variants above?

IV
What about if session is declared in DD like
<session-config>
<session-timeout>0</session-timeout>
</session-config>

V
or
<session-config>
<session-timeout>-1</session-timeout>
</session-config>

Pls help me out with this problematic definitions!

JRockie

The best way for you to learn it is to grab the Servlet Specification and check it yourself. It's easy and very effective

Answers:

HttpSession.setMaxInactiveInterval(-1) && HttpSession.setMaxInactiveInterval(0) also Question IV and V are all same ==> session doesnt expire.

HttpSession.setMaxInactiveInterval(10) session timeouts after 10seconds.

cookie.setMaxAge(-1) deleted when browser is closed.
cookie.setMaxAge(0) deleted at client side.


Hope I made it clear. If anyone else has difference in opinion please reply.

According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate
invalidation of the session. Pls correct me!

JR
[ May 18, 2006: Message edited by: janne RockGulf ]

I
F.ex if session is declared as follows
1) HttpSession.setMaxInactiveInterval(-1)

Session will never Expire

2) HttpSession.setMaxInactiveInterval(0)

Session will expire after 0 sec of activity,means as soon as it is created

3) HttpSession.setMaxInactiveInterval(10)

Session will expire after 10 secs.

II
or if cookie is declared as follows
1) cookie.setMaxAge(-1)

cookie will be deleted when the client browser exits.

2) cookie.setMaxAge(0)

This cookie will be deleted almost immediately after it is created.

3) cookie.setMaxAge(10)

Cookie is deleted after 10 secs of activity

III
How long time session and cookie exist in the variants above?

IV
What about if session is declared in DD like
<session-config>
<session-timeout>0</session-timeout>
</session-config>

Session will never expire

V
or
<session-config>
<session-timeout>-1</session-timeout>
</session-config>
Session will never expire

Regards
Gaurav

Thanx for the explanations. I guess I had misunderstood
the concept of the following decl. (exp.. the first one)

<session-config>
<session-timeout>0</session-timeout>
</session-config>

and

<session-config>
<session-timeout>-1</session-timeout>
</session-config>

OK, I will just have to burn in that in both situations
session will never expire.

JR
[ May 18, 2006: Message edited by: janne RockGulf ]

Originally posted by janne RockGulf:
According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate
invalidation of the session. Pls correct me!

But that is correct already.

The big confusion on the topic usually comes from the use of 0. In the real world it's really not a good idea to use 0 but you're expected on the exam to know how it behaves.

For setMaxInactiveInterval(), passing 0 is the same as calling invalidate() on the session. It kills the session off immediately. In the real world you might as well just call invalidate() to avoid confusion.

For the <session-timeout> tag, however, 0 means that the session will never expire due to timeout. In the real world you might as well just use -1 instead to eliminate any confusion.