web.xml session parameters

Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299

Can someone give me some info or a link to info on specifying session timeout parameters in the web.xml file? I need to make sure users can't just stay logged in for hours at a time without relogging in to the web app.

GenRocket - Experts at Building Test Data
Sainudheen Mydeen
Ranch Hand

Joined: Aug 18, 2003
Posts: 218
Hi Gregg
Session timeout tag in web.xml goes like this.

Here <session-timeout> element contains the timeout in minutes.
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
In addition:

The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behaviour of sessions is never to time out.

This is taken from the DTD itself:
- Also, remember that when you use the setMaxInactiveInterval(int seconds) of HttpSession interface, you specify a value of seconds and not minutes, like you normally do in the deployment descriptor (web.xml). You use this method in situations when you want to "overwrite" the value you put in the web.xml, in a programmatic way.
- If you want to specify that the session will never expire using the above method, you must use a negative number (not 0). This will apply only to the current session. All other sessions are still mandated with the value you specify in web.xml.
hope this helps.
[ October 05, 2003: Message edited by: Andres Gonzalez ]

I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
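An added example, not part of any post in this thread: a small Python check that reads the `<session-timeout>` value from a web.xml and flags the cases described above (absent, not a whole number, 0 or less meaning sessions never time out, or longer than a policy ceiling). The 30-minute ceiling, the function names and the sample descriptors are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MAX_MINUTES = 30  # assumed policy ceiling; not a value from the thread

# Constructed sample descriptors (not taken from a real application).
SAMPLES = {
    "dtd_era": "<web-app><session-config><session-timeout>20</session-timeout></session-config></web-app>",
    "namespaced_zero": '<web-app xmlns="http://java.sun.com/xml/ns/javaee"><session-config>'
                       "<session-timeout>0</session-timeout></session-config></web-app>",
    "hours": "<web-app><session-config><session-timeout>480</session-timeout></session-config></web-app>",
    "absent": "<web-app><display-name>demo</display-name></web-app>",
}


def local(tag):
    """Drop any XML namespace so DTD-era and namespaced web.xml both match."""
    return tag.rsplit("}", 1)[-1]


def audit_session_timeout(web_xml, max_minutes=MAX_MINUTES):
    """Return (status, minutes) for the <session-timeout> in a web.xml string."""
    root = ET.fromstring(web_xml)
    values = [el.text for el in root.iter() if local(el.tag) == "session-timeout"]
    if not values:
        return ("missing", None)            # container default applies
    try:
        minutes = int((values[0] or "").strip())
    except ValueError:
        return ("invalid", None)            # must be a whole number of minutes
    if minutes <= 0:
        return ("never-expires", minutes)   # 0 or less: sessions never time out
    if minutes > max_minutes:
        return ("too-long", minutes)
    return ("ok", minutes)


def to_max_inactive_interval(minutes):
    """Seconds to pass to HttpSession.setMaxInactiveInterval for the same timeout."""
    # web.xml is in minutes, the method is in seconds; negative = never expire.
    return -1 if minutes <= 0 else minutes * 60


if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_session_timeout(xml_text))
```
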
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299

Thanks for all the information guys. I really appreciate it.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8904

I want to know why you are setting the timeout as hours. It is not recommended.

Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299

I am not setting them as hours.