Cookie.setMaxAge(-1) will make the cookie expire after the browser is closed, this is what HFSJ says on Session Management chapter and this is what the Javadoc for the method says, but Session Management chapter's mock exam question number 3's answer says that if we met the max age to -1, the cookie will never expire.
I checked out the errata, but there seems to be no errata on this. Am I getting confused with some simple thing? Or is the answer wrong for that question? Can anyone confirm it?
It was a very useful post by you, helped me a lot and now I realized that there are two things --session timeout and cookie timeout. . I think that is what confused me. Thanks again.