• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Regarding Session life time

 
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear Friends,
we are developing a web site using jsp,servlets.i would like to set the session life time as long as the clients accessing the site.
now if the client doesnt do anything onb page the session life time comes to end after 3 seconds.i want to disable the session after the client made the sign out. how to do that?
or how can i set session valid for atleast one day.
thanks
regards
saran
 
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi saravana,
Take a look at javax.servlet.http.HttpSession.setMaxInactiveInterval(int interval), but be careful to gaurantee that eventually every session expires.
 
Ranch Hand
Posts: 154
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Saravana, Check out what Rob Misek has given - but be warned that you need resources to maintain session and they don't come cheap. 3 seconds seems really tight but on the other hand, one day seems way too long. What would the users do?
You will have to arrive at a value that is acceptable so that the session can be invalidated.
For ex: Set the Maximum inactive interval to 30 minutes - so you application server itself will take care of session invalidation after this time.
Also, The sign-out logic itself should have session invalidation (say 25 minutes) to free up the resources.
if( last access time > max inactive time ) session.invalidate();
This way if users click on logout button, then you invalidate the sessions. BUT, if the users close their browser windows using the X button (which most of them do), then the app server invalidates the session.
reply
    Bookmark Topic Watch Topic
  • New Topic