Can someone give me some info or a link to info on specifying session timeout parameters in the web.xml file? I need to make sure users can't just stay logged in for hours at a time without relogging in to the web app. Thanks.
The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes. If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out.
This is taken from the DTD itself: http://java.sun.com/dtd/web-app_2_3.dtd

- Also, remember that when you use the setMaxInactiveInterval(int seconds) of HttpSession interface, you specify a value of seconds and not minutes, like you normally do in the deployment descriptor (web.xml). You use this method in situations when you want to "overwrite" the value you put in the web.xml, in a programmatic way.
- If you want to specify that the session will never expire using the above method, you must use a negative number (not 0). This will apply only to the current session. All other sessions are still mandated with the value you specify in web.xml.

Hope this helps.

[ October 05, 2003: Message edited by: Andres Gonzalez ]
I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
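
Added example, not part of the original posts: a small audit check that reads a web.xml and reports whether its session-timeout enforces an idle limit, using the rule quoted from the DTD above (whole minutes, 0 or less means never time out). The 30-minute policy limit, the function names and the sample descriptors are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MAX_MINUTES = 30  # assumed policy limit, not taken from the thread


def local(tag):
    """Drop any XML namespace so DTD-based (2.3) and namespaced descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def check_session_timeout(web_xml_text, max_minutes=MAX_MINUTES):
    """Return (status, detail) for the <session-timeout> found in a web.xml document."""
    root = ET.fromstring(web_xml_text)
    values = [
        child.text
        for cfg in root.iter() if local(cfg.tag) == "session-config"
        for child in cfg if local(child.tag) == "session-timeout"
    ]
    if not values:
        return ("MISSING", "no session-timeout; the container default applies")
    raw = (values[0] or "").strip()
    try:
        minutes = int(raw)
    except ValueError:
        return ("INVALID", f"{raw!r} is not a whole number of minutes")
    if minutes <= 0:
        # Per the DTD text quoted above: 0 or less means sessions never time out.
        return ("NEVER_EXPIRES", f"{minutes} means sessions never time out")
    if minutes > max_minutes:
        return ("TOO_LONG", f"{minutes} min exceeds policy of {max_minutes} min")
    # web.xml uses minutes; setMaxInactiveInterval() takes seconds.
    return ("OK", f"{minutes} min ({minutes * 60} s for setMaxInactiveInterval)")


# Constructed sample descriptors (not real application files).
SAMPLES = {
    "ok": "<web-app><session-config><session-timeout>15</session-timeout>"
          "</session-config></web-app>",
    "never": "<web-app><session-config><session-timeout>0</session-timeout>"
             "</session-config></web-app>",
    "missing": "<web-app><display-name>demo</display-name></web-app>",
    "namespaced": '<web-app xmlns="http://java.sun.com/xml/ns/j2ee"><session-config>'
                  "<session-timeout>240</session-timeout></session-config></web-app>",
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, check_session_timeout(xml_text))
```

This only checks the deployment descriptor; a call to setMaxInactiveInterval() in application code can still override the value for an individual session.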