Win a copy of The Journey To Enterprise Agility this week in the Agile and Other Processes forum! And see the welcome thread for 20% off.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Junilu Lacar
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Ganesh Patekar
  • Tim Moores
  • Pete Letkeman
  • Stephan van Hulst
Bartenders:
  • Carey Brown
  • Tim Holloway
  • Joe Ess

ocejwcd 6 head first: When the session is invalidated  RSS feed

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From head first servlets and jsp 2nd edition

By default, a cookie lives only as long as a session; once the
client quits his browser, the cookie disappears. That’s how
the “JSESSIONID” cookie works.




But after that there is a question

Which statements about HttpSession objects are true?
(Choose all that apply.)
A. A session whose timeout period has been set to -1 will never expire.
B. A session will become invalid as soon as the user closes all browser windows.
C. A session will become invalid after a timeout period defined by the servlet container.
D. A session may be explicitly invalidated by calling HttpSession.invalidateSession().




Based on the first quote the option C should be correct, but it's not! is there any explanation why? any trick of the question or the quote?
 
Creator of Enthuware JWS+ V6
Bartender
Posts: 3114
256
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Option C is correct.
 
Sheriff
Posts: 21421
94
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The timeout can also be set from code or in web.xml, not just by the container. I'm guessing the book says the correct answer is A; from HttpSession.setMaxInactiveInterval:

An interval value of zero or less indicates that the session should never timeout.

 
Bartender
Posts: 1844
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the server point of view, I would say they are all true except option B.
The server can't tell if a client closed the browser window, or is just sitting there inactive.

All of the other questions appear related to the session timeout and invalidation, and look fine to me.


Of course if the browser window is closed, the client no longer has its session cookie, and can't get back into the session on the server - unless you kept a copy of the cookie (you hacker)
 
Rob Spoor
Sheriff
Posts: 21421
94
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
D is wrong because the method is called invalidate, not invalidateSession.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!