session that never dies

setMaxInactiveInterval(-1) means the session never times out

setMaxInactiveInterval(0) means session times out immediately as soon as it
created

what does this mean ?

<session-config>
<session-timeout>0</session-timeout>
</session-config>
does thie mean same as setMaxInactiveInterval(0), excpt tha we have 0 seconds in the method ad 0 minutes in the D.D ;-)

<session-config>
<session-timeout>-1</session-timeout>
</session-config>

does this never time out ???

i am doing lots of fine tuning in my concepts..

The followings are what I have in my brain:

session.setMaxInactiveInterval(-1); //the session never ends.
<session-timeout>0</session-timeout> //the session never ends
<session-timeout>-1</session-timeout> //the session never ends.

session.setMaxInactiveInterval(0);
//the session times out IMMEDIATELY. "session times out immediately" means ....well, the session ends as soon as it's created because the 'InActiveInterval' of this session is Zero second.

Just a quote to show how confusing setMaxAge() and setMaxInactiveInterval():

setMaxAge(-1) -- cookie is not stored persistently and will be deleted when the Web browser exits
setMaxAge(0) -- cookie to be deleted
setMaxAge(1) -- cookie will expire after that many seconds have passed.

Can anyone fill it remaining thing correctly..

setMaxInactiveInterval(-1) --
setMaxInactiveInterval(0) --
setMaxInactiveInterval(1) -- session will be invalidated after that many seconds have passed.

miacel, even i was comparing the timeouts between session and the cookies

thanks for all the info on page

will take a print out tomorrow !

setMaxAge(-1) -- cookie is not stored persistently and will be deleted when the Web browser exits
setMaxAge(0) -- cookie to be deleted
setMaxAge(1) -- cookie will expire after that many seconds have passed.

Can anyone fill it remaining thing correctly..

setMaxInactiveInterval(-1) -- session never ends
setMaxInactiveInterval(0) -- session ends immediately
setMaxInactiveInterval(1) -- session will be invalidated after that many seconds have passed.

and as added by stella

<session-timeout>0<session-timeout> //never ends
<session-timeout>-1</session-timeout> //never ends
<session-timeout>1 </session-timeout> //time out after 1 minute

somebody please confirm the bold ones !! :roll:

Niranjan,
I think I've read somewhere that "..<session-time> value 0 or less means that the sessiion will never expire...." but, I don't remember where...
anyone can confirm ?

From Servlet spec. 2.4 -- page 128

The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes. If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. If this element is not specified, the container must set its default timeout period.

From Servlet spec. 2.4 -- page 271

public void setMaxInactiveInterval(int interval)
Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

thanks a lot..
that completes the concept