Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session and cookie timeouts ...confusing

 
janne jounivich
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Could someone pls carify me the timeout definitions
of the session and cookies?

I
F.ex if session is declared as follows
1) HttpSession.setMaxInactiveInterval(-1)
2) HttpSession.setMaxInactiveInterval(0)
3) HttpSession.setMaxInactiveInterval(10)

II
or if cookie is declared as follows
1) cookie.setMaxAge(-1)
2) cookie.setMaxAge(0)
3) cookie.setMaxAge(10)

III
How long time session and cookie exist in the variants above?

IV
What about if session is declared in DD like
<session-config>
<session-timeout>0</session-timeout>
</session-config>

V
or
<session-config>
<session-timeout>-1</session-timeout>
</session-config>

Pls help me out with this problematic definitions!

JRockie
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The best way for you to learn it is to grab the Servlet Specification and check it yourself. It's easy and very effective
 
Ramprasad Subburaman
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Answers:

HttpSession.setMaxInactiveInterval(-1) && HttpSession.setMaxInactiveInterval(0) also Question IV and V are all same ==> session doesnt expire.

HttpSession.setMaxInactiveInterval(10) session timeouts after 10seconds.

cookie.setMaxAge(-1) deleted when browser is closed.
cookie.setMaxAge(0) deleted at client side.


Hope I made it clear. If anyone else has difference in opinion please reply.
 
janne jounivich
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate
invalidation of the session. Pls correct me!

JR
[ May 18, 2006: Message edited by: janne RockGulf ]
 
Gaurav Gambhir
Ranch Hand
Posts: 256
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I
F.ex if session is declared as follows
1) HttpSession.setMaxInactiveInterval(-1)

Session will never Expire

2) HttpSession.setMaxInactiveInterval(0)

Session will expire after 0 sec of activity,means as soon as it is created

3) HttpSession.setMaxInactiveInterval(10)

Session will expire after 10 secs.

II
or if cookie is declared as follows
1) cookie.setMaxAge(-1)

cookie will be deleted when the client browser exits.

2) cookie.setMaxAge(0)

This cookie will be deleted almost immediately after it is created.

3) cookie.setMaxAge(10)

Cookie is deleted after 10 secs of activity

III
How long time session and cookie exist in the variants above?

IV
What about if session is declared in DD like
<session-config>
<session-timeout>0</session-timeout>
</session-config>

Session will never expire

V
or
<session-config>
<session-timeout>-1</session-timeout>
</session-config>
Session will never expire

Regards
Gaurav
 
janne jounivich
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanx for the explanations. I guess I had misunderstood
the concept of the following decl. (exp.. the first one)

<session-config>
<session-timeout>0</session-timeout>
</session-config>

and

<session-config>
<session-timeout>-1</session-timeout>
</session-config>

OK, I will just have to burn in that in both situations
session will never expire.

JR
[ May 18, 2006: Message edited by: janne RockGulf ]
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by janne RockGulf:
According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate
invalidation of the session. Pls correct me!


But that is correct already.

The big confusion on the topic usually comes from the use of 0. In the real world it's really not a good idea to use 0 but you're expected on the exam to know how it behaves.

For setMaxInactiveInterval(), passing 0 is the same as calling invalidate() on the session. It kills the session off immediately. In the real world you might as well just call invalidate() to avoid confusion.

For the <session-timeout> tag, however, 0 means that the session will never expire due to timeout. In the real world you might as well just use -1 instead to eliminate any confusion.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic