• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Ganesh Patekar
  • Frits Walraven
  • Tim Moores
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Stephan van Hulst
  • salvin francis
  • Tim Holloway

ocejwcd 6 head first: When the session is invalidated  RSS feed

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From head first servlets and jsp 2nd edition

By default, a cookie lives only as long as a session; once the
client quits his browser, the cookie disappears. That’s how
the “JSESSIONID” cookie works.




But after that there is a question

Which statements about HttpSession objects are true?
(Choose all that apply.)
A. A session whose timeout period has been set to -1 will never expire.
B. A session will become invalid as soon as the user closes all browser windows.
C. A session will become invalid after a timeout period defined by the servlet container.
D. A session may be explicitly invalidated by calling HttpSession.invalidateSession().




Based on the first quote the option C should be correct, but it's not! is there any explanation why? any trick of the question or the quote?
 
Creator of Enthuware JWS+ V6
Posts: 3178
276
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Option C is correct.
 
Sheriff
Posts: 21463
97
Chrome Eclipse IDE Java Spring Ubuntu VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The timeout can also be set from code or in web.xml, not just by the container. I'm guessing the book says the correct answer is A; from HttpSession.setMaxInactiveInterval:

An interval value of zero or less indicates that the session should never timeout.

 
Bartender
Posts: 1845
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the server point of view, I would say they are all true except option B.
The server can't tell if a client closed the browser window, or is just sitting there inactive.

All of the other questions appear related to the session timeout and invalidation, and look fine to me.


Of course if the browser window is closed, the client no longer has its session cookie, and can't get back into the session on the server - unless you kept a copy of the cookie (you hacker)
 
Rob Spoor
Sheriff
Posts: 21463
97
Chrome Eclipse IDE Java Spring Ubuntu VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
D is wrong because the method is called invalidate, not invalidateSession.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!