wood burning stoves 2.0*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Session timeout problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Session timeout problem" Watch "Session timeout problem" New topic

Session timeout problem

aliasger talib
Ranch Hand

Joined: Aug 19, 2002
Posts: 37
hi ,
In session invalidation, the timeout period for that session can be specified in seconds using the setMaximumInactiveInterval() method.
And even in the deployment descriptor, using the <session-timeout> tag, timeout for all sessions in the application can be specified in minutes.
My question is, if both are specified for a session, then which one takes precedence?
Thanks for the help.
Vedhas Pitkar
Ranch Hand

Joined: Jan 27, 2001
Posts: 445
Hi Dont know for sure but i tink it's the setMaximumInactiveInterval() method which takes precedence if both time outs r specified.Correct me if i am wrong.
Kyle Tang
Ranch Hand

Joined: Aug 22, 2002
Posts: 78
Session.setMaxInactiveInterval() will work for that particular Session object.
remember, <session-timeout> is for all the sessions in your web-app.
So if you have this:
and you call session1.setMaxInactiveInterval(360), then session1 will have timeout 6 minutes, but all the other sessions will have time-out 5 minutes.

Kyle Tang<br />SCJP 91<br />SCWCD 96<br />SCBCD 95
Maha Annadurai
Ranch Hand

Joined: Oct 27, 2002
Posts: 87
Also note that there is a small inconsistancy between the Servlet DTD and API.
A 0 (Zero) or -ve value for <session-timeout> would make the sessions not to expire. On the other hand, if we use HttpSession.setMaxInactiveInterval( int secs) method, only -ve values will make that session not to expire.
From Servlet 2.3 DTD,
The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.
Used in: session-config
From Servlet API
public void setMaxInactiveInterval(int interval)Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

I wanted to check this with Tomcat and found that when I set <session-timeout>0</session-timeout> in web.xml, the session does get invalidated immediately after it's creation. (which is against the servlet 2.3 DTD )
Maha Anna
[ November 30, 2002: Message edited by: Maha Annadurai ]
I agree. Here's the link: http://aspose.com/file-tools
subject: Session timeout problem
Similar Threads
time out period defined by the servlet container?
How to Handle timeout to save user input
Session retention
How to change session expiring time of jboss?
2 Inconsistencies in session-timeout and setMaxInactiveinterval