This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Session timeout default Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Session timeout default" Watch "Session timeout default" New topic

Session timeout default

Renata fonseca
Ranch Hand

Joined: Mar 15, 2002
Posts: 48
what's the default of http session timeout? Is it container dependent?
Sai Prasad
Ranch Hand

Joined: Feb 25, 2002
Posts: 560
As per the spec,
In the HTTP protocol, there is no explicit termination signal when a client is no
longer active. This means that the only mechanism that can be used to indicate when
a client is no longer active is a timeout period.
The default timeout period for sessions is defined by the servlet container and
can be obtained via the getMaxInactiveInterval method of the HttpSession
interface. This timeout can be changed by the Developer using the
setMaxInactiveInterval method of the HttpSession interface. The timeout
periods used by these methods are defined in seconds. By definition, if the timeout
period for a session is set to -1, the session will never expire.

You can set the timeout period in web.xml:
<!ELEMENT session-config (session-timeout?)>
Renata fonseca
Ranch Hand

Joined: Mar 15, 2002
Posts: 48
Mark Howard
Ranch Hand

Joined: Feb 14, 2001
Posts: 285
Remember, the setMaxInactiveInterval() method of HttpSession set an interval in seconds, whereas the deployment descriptor <session-config> element is specified in minutes.
Add to this the other discrepency that the setMaxInactiveInterval() method requires a negative-value argument to ensure that the session never expires, whereas the <session-timeout> value in the DD can be 0 or less to achieve the same.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: Session timeout default
Similar Threads
session-config in web.xml
Session retention
2 Inconsistencies in session-timeout and setMaxInactiveinterval
request parameters received are null in weblogic 8.1
Session time out