Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session Confusion.

 
Yogendra Joshi
Ranch Hand
Posts: 213
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Ben and other Ranchers ,

I have a small confusion in here. I believe we have two options for setting the Session in our servlets. The 1st being the <session-timeout> in web.xml which lets us specify in Minutes and other being session.setMaxInactiveInterval(noOfSeconds).

The confusion in here is if i have settings in both web.xml and on a servlets / jsps where i have used session.setMaxInactiveInterval(noOfSeconds)which one would be picked up ?

Secondly , I had used session.setMaxInactiveInterval(60) which means session would get invalidated after 1 minute after 1 minute it should get redirected to login.jsp where the user is asked to login again, When i try to access it , It still lets me access it. I want to know why is that happening. Why does it not go the login page ?

Thanks in advance for answering.

Yogendra Joshi.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would read this:

to mean that timeout settings declared at the container level are overridden by the setMaxInactiveInterval call at the application level.


Are you using container managed security or have you written your own login code? If the latter, do you have code to specifically redirect the user to the login page?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic