sanjay sawant

Well Done Madhav

"behind the scenes, the client’s session id is usually saved on the client in a cookie called JSESSIONID.
For client that don’t support cookies, the session ID can be sent as part of a rewritten URL, encoded using a jsessionid path parameter."

1) If i don't use cookies nor url rewriting can i stil use session management ?
(THIS DOUBT MIGHT SOUND SILLY, BUT I DESPERATELY NEED ANSWER
TO THIS QUESTION....PLEASE HELP ME AS MUCH AS YOU CAN ON QN. 1)

I have read that a session is considered new (isNew() returns true) if
server used only cookie-based sessions, and the client had disabled the use
of cookies, then a session would be new on each request.

From Vel's Notes:
1.2.given a scenario, state whether a session object will be invalidated
1.2.1.ideally, a session would be invalidated as soon as the user closed his browser, browsed to a different site, or stepped away from his desk. Unfortunately, there’s no way for a server to detect any of these events.
Can someone please explain me 1.2.1.
I am confused.

In weblogic.xml there are two things
TimeoutSecs
InvalidationIntervalSec
Please explain me both..IT IS URGENT

Please this is very urgent.
I need all the help that anyone can give...
public void logout(String login_name,HttpServletRequest req)
{
if(req.isrequestedSessionIdValid())
{
req.getSession().invalidate();
allSessionsHashtable.remove(login_name)
}
}

As soon as users log into the application
i am calling login method of a singleton class
i create session and
store login_name and corressponding sessions
Since multi-login is also allowed it is possible that before the user presses logout button the
session is invalid.
Will above method -logout() work properly
Is req.isrequestedSessionIdValid()
reliable and will this code act the way i want.