posted 18 years ago
session.getSession(false) will return pre-existing session. It returns null only when there is no session associated with.
we have some methods like
getCreationTime()
getLastAccessedTime()
invalidate();
by using getLastAccessedTime() we get some time in milliseconds
and if it exceeds the time you have mentioned(<session-timeout> in web.xml(that represents hours) call invalidate() so that the session will be destroyed.
hope this works.
SCJP 1.4 & 1.5, SCWCD 1.5. Learn and Let Learn.