Originally posted by janne RockGulf: According to HFS on page 273, session.setMaxInactiveInterval(-1) will never expire. But session.setMaxInactiveInterval(0) will cause a immediate invalidation of the session. Pls correct me!
But that is correct already.
The big confusion on the topic usually comes from the use of 0. In the real world it's really not a good idea to use 0 but you're expected on the exam to know how it behaves.
For setMaxInactiveInterval(), passing 0 is the same as calling invalidate() on the session. It kills the session off immediately. In the real world you might as well just call invalidate() to avoid confusion.
For the <session-timeout> tag, however, 0 means that the session will never expire due to timeout. In the real world you might as well just use -1 instead to eliminate any confusion.