By default, a cookie lives only as long as a session; once the
client quits his browser, the cookie disappears. That’s how
the “JSESSIONID” cookie works.
But after that there is a question
Which statements about HttpSession objects are true?
(Choose all that apply.)
A. A session whose timeout period has been set to -1 will never expire.
B. A session will become invalid as soon as the user closes all browser windows.
C. A session will become invalid after a timeout period defined by the servlet container.
D. A session may be explicitly invalidated by calling HttpSession.invalidateSession().
Based on the first quote the option C should be correct, but it's not! is there any explanation why? any trick of the question or the quote?