This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSP and the fly likes Regarding Session life time Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Regarding Session life time" Watch "Regarding Session life time" New topic
Author

Regarding Session life time

saravana kumar
Ranch Hand

Joined: Jun 25, 2002
Posts: 72
Dear Friends,
we are developing a web site using jsp,servlets.i would like to set the session life time as long as the clients accessing the site.
now if the client doesnt do anything onb page the session life time comes to end after 3 seconds.i want to disable the session after the client made the sign out. how to do that?
or how can i set session valid for atleast one day.
thanks
regards
saran
Rob Misek
Ranch Hand

Joined: Sep 24, 2002
Posts: 41
Hi saravana,
Take a look at javax.servlet.http.HttpSession.setMaxInactiveInterval(int interval), but be careful to gaurantee that eventually every session expires.


<a href="http://www.tangosol.com" target="_blank" rel="nofollow">www.tangosol.com</a><br /><a href="http://www.tangosol.com/coherence.jsp" target="_blank" rel="nofollow">Coherence:</a> Easily share live data across a cluster!
Vin Kris
Ranch Hand

Joined: Jun 17, 2002
Posts: 154
Saravana, Check out what Rob Misek has given - but be warned that you need resources to maintain session and they don't come cheap. 3 seconds seems really tight but on the other hand, one day seems way too long. What would the users do?
You will have to arrive at a value that is acceptable so that the session can be invalidated.
For ex: Set the Maximum inactive interval to 30 minutes - so you application server itself will take care of session invalidation after this time.
Also, The sign-out logic itself should have session invalidation (say 25 minutes) to free up the resources.
if( last access time > max inactive time ) session.invalidate();
This way if users click on logout button, then you invalidate the sessions. BUT, if the users close their browser windows using the X button (which most of them do), then the app server invalidates the session.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Regarding Session life time
 
Similar Threads
setting max-bean-life
Session
Confusion about session destruction
Session Management
Interview question asked to me which I could not answer