aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Session and cookie timeouts ...confusing Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Session and cookie timeouts ...confusing " Watch "Session and cookie timeouts ...confusing " New topic
Author

Session and cookie timeouts ...confusing

janne jounivich
Ranch Hand

Joined: Jan 11, 2005
Posts: 45
Hi

Could someone pls carify me the timeout definitions
of the session and cookies?

I
F.ex if session is declared as follows
1) HttpSession.setMaxInactiveInterval(-1)
2) HttpSession.setMaxInactiveInterval(0)
3) HttpSession.setMaxInactiveInterval(10)

II
or if cookie is declared as follows
1) cookie.setMaxAge(-1)
2) cookie.setMaxAge(0)
3) cookie.setMaxAge(10)

III
How long time session and cookie exist in the variants above?

IV
What about if session is declared in DD like
<session-config>
<session-timeout>0</session-timeout>
</session-config>

V
or
<session-config>
<session-timeout>-1</session-timeout>
</session-config>

Pls help me out with this problematic definitions!

JRockie


----
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

The best way for you to learn it is to grab the Servlet Specification and check it yourself. It's easy and very effective


[My Blog]
All roads lead to JavaRanch
Ramprasad Subburaman
Greenhorn

Joined: Dec 18, 2005
Posts: 19
Answers:

HttpSession.setMaxInactiveInterval(-1) && HttpSession.setMaxInactiveInterval(0) also Question IV and V are all same ==> session doesnt expire.

HttpSession.setMaxInactiveInterval(10) session timeouts after 10seconds.

cookie.setMaxAge(-1) deleted when browser is closed.
cookie.setMaxAge(0) deleted at client side.


Hope I made it clear. If anyone else has difference in opinion please reply.
janne jounivich
Ranch Hand

Joined: Jan 11, 2005
Posts: 45
According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate
invalidation of the session. Pls correct me!

JR
[ May 18, 2006: Message edited by: janne RockGulf ]
Gaurav Gambhir
Ranch Hand

Joined: Mar 04, 2006
Posts: 254
I
F.ex if session is declared as follows
1) HttpSession.setMaxInactiveInterval(-1)

Session will never Expire

2) HttpSession.setMaxInactiveInterval(0)

Session will expire after 0 sec of activity,means as soon as it is created

3) HttpSession.setMaxInactiveInterval(10)

Session will expire after 10 secs.

II
or if cookie is declared as follows
1) cookie.setMaxAge(-1)

cookie will be deleted when the client browser exits.

2) cookie.setMaxAge(0)

This cookie will be deleted almost immediately after it is created.

3) cookie.setMaxAge(10)

Cookie is deleted after 10 secs of activity

III
How long time session and cookie exist in the variants above?

IV
What about if session is declared in DD like
<session-config>
<session-timeout>0</session-timeout>
</session-config>

Session will never expire

V
or
<session-config>
<session-timeout>-1</session-timeout>
</session-config>
Session will never expire

Regards
Gaurav
janne jounivich
Ranch Hand

Joined: Jan 11, 2005
Posts: 45
Thanx for the explanations. I guess I had misunderstood
the concept of the following decl. (exp.. the first one)

<session-config>
<session-timeout>0</session-timeout>
</session-config>

and

<session-config>
<session-timeout>-1</session-timeout>
</session-config>

OK, I will just have to burn in that in both situations
session will never expire.

JR
[ May 18, 2006: Message edited by: janne RockGulf ]
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Originally posted by janne RockGulf:
According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate
invalidation of the session. Pls correct me!


But that is correct already.

The big confusion on the topic usually comes from the use of 0. In the real world it's really not a good idea to use 0 but you're expected on the exam to know how it behaves.

For setMaxInactiveInterval(), passing 0 is the same as calling invalidate() on the session. It kills the session off immediately. In the real world you might as well just call invalidate() to avoid confusion.

For the <session-timeout> tag, however, 0 means that the session will never expire due to timeout. In the real world you might as well just use -1 instead to eliminate any confusion.


A good workman is known by his tools.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session and cookie timeouts ...confusing
 
Similar Threads
Am I correct ???
Session Problem
Question on sessions and cookies
session timeout in DD
session is not invalidating