• Post Reply Bookmark Topic Watch Topic
  • New Topic

making sessions to not expire  RSS feed

 
Bernard Sigmund Gustav
Ranch Hand
Posts: 170
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello
i was wondering how this is done using session.setMaxInactiveInterval();

at first, i did not set anything but it expires anyway.
so i'm trying not to let the session expire.
session.setMaxInactiveInterval(0) does not work.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the API:
A negative time indicates the session should never timeout.
So setMaxInactiveInterval(-1) should be ok.

You can also set the timeout in web.xml using the <session-timeout> tag
In this case, if the timeout is 0 or less, the container ensures the
default behaviour of sessions is never to time out.
[ May 29, 2006: Message edited by: Satou kurinosuke ]
 
Bernard Sigmund Gustav
Ranch Hand
Posts: 170
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
oh ok.
thank you
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is a side effect to the suggestions above meaning the first solution should work but not without the second and vice versa - ie you need both.

Sessions are maintained by cookies, but these cookies are only maintained in memory by the browser and not on the file system. this means that closing the browser will always end the session since closing the browser will cause it to forget the cookie so it doesn't matter what the timeout value is.

BUT the first change causes the cookie to change from a volatile to persistent cookie, and the second change means it will never be rejected by the client.

Or so I think, I'll have to go double check in Marty Hall's Core Servlets and JSP book.

Dave.
 
Bernard Sigmund Gustav
Ranch Hand
Posts: 170
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
then how come i'm always logged in when i go to javaranch even if i close the browser?

what does it do?

thanks
 
Jeroen T Wenting
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Because your login here isn't linked to a session, it's a persistent cookie with an expiry date set to the end of time.

David forgets one point: if you set sessions to never expire you have a major problem.
Whenever a user closes his browser without first logging out (explicitly closing the session) you now have a stale session sitting in server memory.
No client is linked to it, so there's no way to close it.
The only way to get rid of it is to either write your own session timeout mechanism (but why would you if you can have the server do it for you better by just setting a reasonable timeout period?) or to shut down the server (and hope it doesn't serialise open sessions and deserialise them on startup).
 
udaykiran pulipati
Greenhorn
Posts: 12
Hibernate Java MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Use negative value -1, session never timeout.

Click below link for answer

How to avoid session timeout
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!