Question ID :996258797686 In which of the following situations a session will definitely be invalidated? ANS:2nd & 3rd options.(not mentioning here...) However its 4th option is wrong which is.....
if the session time out is set to 0, the session will never be invalidated automatically.
In explanation of this 4th option JWebPlus says..
The value is -1 & not 0!
But when i refer to specification, i got the following...
The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes.If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out.
As I understand it, there are two issues here. 1. Setting the <session-timeout> element in web.xml to zero or less means that the default for ALL sessions in the web app is to never expire. 2. Programmatically calling HttpSession.setMaxInactiveInterval() with any negative integer will set this SPECIFIC session to never expire. (Previous thread's testing seems to show that making this call with zero as the integer time's out the session as soon as it is created.) Not an inconsistency, just a difference in scope. [ February 28, 2002: Message edited by: Scott Ramsey ]
Not an inconsistency, just a difference in scope While, the difference in scope (one servlet verses all servlets) is agreed, you need to note the inconsistency in the use of a session-timeout value of "0" zero. When used in the web-app, the session will never invalidate. On the other hand when used in the setMaxInactivveInterval(0) method, it invalidates the session immediately (well, almost). Hope you see the inconsistency. regds. - satya
Joined: Jun 28, 2001
Agreed. Hastily worded reply is my error. I was trying to address the confusion between the web.xml element's effects and that of the method call on the session itself. But, regardless of scope, it sure would have made our lives a little bit easier if the rule was just to always use a negative integer, etc. Hey, perhaps we can see this as increased job security!
Joined: Jun 03, 2000
increased job security okay, now that is a sensitive issue, don't even drag me into that..... :roll: - satya........end of transmission on this issue!!!
Joined: Sep 02, 2001
When used in the web-app, the session will never invalidate. On the other hand when used in the setMaxInactivveInterval(0) method, it invalidates the session immediately (well, almost).