• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session Confusion.

 
Ranch Hand
Posts: 213
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Ben and other Ranchers ,

I have a small confusion in here. I believe we have two options for setting the Session in our servlets. The 1st being the <session-timeout> in web.xml which lets us specify in Minutes and other being session.setMaxInactiveInterval(noOfSeconds).

The confusion in here is if i have settings in both web.xml and on a servlets / jsps where i have used session.setMaxInactiveInterval(noOfSeconds)which one would be picked up ?

Secondly , I had used session.setMaxInactiveInterval(60) which means session would get invalidated after 1 minute after 1 minute it should get redirected to login.jsp where the user is asked to login again, When i try to access it , It still lets me access it. I want to know why is that happening. Why does it not go the login page ?

Thanks in advance for answering.

Yogendra Joshi.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would read this:

to mean that timeout settings declared at the container level are overridden by the setMaxInactiveInterval call at the application level.


Are you using container managed security or have you written your own login code? If the latter, do you have code to specifically redirect the user to the login page?
 
reply
    Bookmark Topic Watch Topic
  • New Topic