• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

ocejwcd 6 head first: When the session is invalidated

 
Aladdin Nawasreh
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From head first servlets and jsp 2nd edition

By default, a cookie lives only as long as a session; once the
client quits his browser, the cookie disappears. That’s how
the “JSESSIONID” cookie works.



But after that there is a question
Which statements about HttpSession objects are true?
(Choose all that apply.)
A. A session whose timeout period has been set to -1 will never expire.
B. A session will become invalid as soon as the user closes all browser windows.
C. A session will become invalid after a timeout period defined by the servlet container.
D. A session may be explicitly invalidated by calling HttpSession.invalidateSession().



Based on the first quote the option C should be correct, but it's not! is there any explanation why? any trick of the question or the quote?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2536
113
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Option C is correct.
 
Rob Spoor
Sheriff
Pie
Posts: 20753
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The timeout can also be set from code or in web.xml, not just by the container. I'm guessing the book says the correct answer is A; from HttpSession.setMaxInactiveInterval:
An interval value of zero or less indicates that the session should never timeout.
 
Stefan Evans
Bartender
Posts: 1807
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the server point of view, I would say they are all true except option B.
The server can't tell if a client closed the browser window, or is just sitting there inactive.

All of the other questions appear related to the session timeout and invalidation, and look fine to me.


Of course if the browser window is closed, the client no longer has its session cookie, and can't get back into the session on the server - unless you kept a copy of the cookie (you hacker)
 
Rob Spoor
Sheriff
Pie
Posts: 20753
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
D is wrong because the method is called invalidate, not invalidateSession.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic