This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin for Android App Development and have Peter Sommerhoff on-line!
See this thread for details.
Win a copy of Kotlin for Android App Development this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Devaka Cooray
  • Jeanne Boyarsky
  • Bear Bibeault
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • salvin francis
  • Carey Brown
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

Clarify my Assumption Regarding Session  RSS feed

Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I'm studying HeadFirst Servlets and JSP book . In Chapter 6 (Conversation state ) I came to know that one of the ways to invalidate a session is either by calling setMaxInactiveInterval method from HttpSession interface or by specifying <session-timeout> tag in DD .

Author explained the difference between the two ways like this:

The time(in Minutes) specified in <session-timeout> tag is applicable for ALL Sessions where as setMaxInactiveInterval() overrides that global time set by <session-timeout> tag to that Particular session if specified

What confuses me is this:

At any time there will be only ONE session for a particular Client(Browser) . so I think that "ALL Sessions" by author represents from Server point of View . Am I correct ?

So here are my Assumption :
Since there will be only ONE Session per client at any time that ALL Sessions represents from the Server point of view(One per Client)

Please tell me that whether my assumptions are correct or not. if not please clarify me.

Thanks in advance

Posts: 9643
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I couldn't understand your point properly but I think you are getting it wrong. Suppose you set the <session-timeout> to set session timeout to be 20 minutes. Now there are two login panels in your site. In one of them, the servlet code to login the user looks like this

So now for this user, the timeout will be 20 minutes. So if they don't do any activity for 20 minutes, their session will expire. In the second login panel, the servlet code to login the user looks like this

Now this user can remain inactive for 30 minutes before their session expires. So basically the <session-timeout> value is used to decide the session's timeout period if you don't provide one using the setMaxInactiveInterval() method...
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Problem statement:
XYZ webbased system and users of system belongs to department. There are two departments
finance and personal. If requirement is for users belongs to finance department session time out
is 10 minutes and other than finance, users session timeout should be 30 minutes.

Possible Approch:
1. Set default session time out using


to 30 minutes.
2. After successful user authentication check for the user department.

If department is finance Then


API to override 30 min session time out
to 10 minutes and this session time will be applicable to that user not other users and there
session time out.
End IF

Hope this example helps you to get and clear understanding and about the difference between
use of




Parthiban Malayandi
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ankit and Jitendra

Thanks for your replies and sorry for the delayed reply of mine.

I'm clear about the difference between the two.

To be very precise the following is the extract from the chapter 6(page no :245)

If you want to change the session-timeout value for
a particular session instance (without affecting the
timeout length for any other sessions in the app):


I understood that for a particular client(Browser) at any time there will be only one session(one jsessionId cookie) in both the server(webContainer) and client(Browser)
so in that sentence for "any other sessions" refers to the sessions in the server for other clients.

Am I right ?

All of the world's problems can be solved in a garden - Geoff Lawton. Tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!