wood burning stoves 2.0
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Session timeout problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Session timeout problem" Watch "Session timeout problem" New topic

Session timeout problem

aliasger talib
Ranch Hand

Joined: Aug 19, 2002
Posts: 37
hi ,
In session invalidation, the timeout period for that session can be specified in seconds using the setMaximumInactiveInterval() method.
And even in the deployment descriptor, using the <session-timeout> tag, timeout for all sessions in the application can be specified in minutes.
My question is, if both are specified for a session, then which one takes precedence?
Thanks for the help.
Vedhas Pitkar
Ranch Hand

Joined: Jan 27, 2001
Posts: 445
Hi Dont know for sure but i tink it's the setMaximumInactiveInterval() method which takes precedence if both time outs r specified.Correct me if i am wrong.
Kyle Tang
Ranch Hand

Joined: Aug 22, 2002
Posts: 78
Session.setMaxInactiveInterval() will work for that particular Session object.
remember, <session-timeout> is for all the sessions in your web-app.
So if you have this:
and you call session1.setMaxInactiveInterval(360), then session1 will have timeout 6 minutes, but all the other sessions will have time-out 5 minutes.

Kyle Tang<br />SCJP 91<br />SCWCD 96<br />SCBCD 95
Maha Annadurai
Ranch Hand

Joined: Oct 27, 2002
Posts: 87
Also note that there is a small inconsistancy between the Servlet DTD and API.
A 0 (Zero) or -ve value for <session-timeout> would make the sessions not to expire. On the other hand, if we use HttpSession.setMaxInactiveInterval( int secs) method, only -ve values will make that session not to expire.
From Servlet 2.3 DTD,
The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.
Used in: session-config
From Servlet API
public void setMaxInactiveInterval(int interval)Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

I wanted to check this with Tomcat and found that when I set <session-timeout>0</session-timeout> in web.xml, the session does get invalidated immediately after it's creation. (which is against the servlet 2.3 DTD )
Maha Anna
[ November 30, 2002: Message edited by: Maha Annadurai ]
I agree. Here's the link: http://aspose.com/file-tools
subject: Session timeout problem
It's not a secret anymore!