The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.
This is taken from the DTD itself:
-Also, remember that when you use the setMaxInactiveInterval(int seconds) of HttpSession interface, you specify a value of seconds and not minutes, like you normally do in the deployment descriptor (web.xml). You use this method in situations when you want to "overwrite" the value you put in the web.xml, in a programatic way.
-If you want to specify that the session will never expire using the above method, you must use a negative number (not 0). This will apply only to the current session. All other session are still mandated with the value you specify in web.xml
hope this helps.
[ October 05, 2003: Message edited by: Andres Gonzalez ]