File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Session Confusion. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Confusion." Watch "Session Confusion." New topic

Session Confusion.

Yogendra Joshi
Ranch Hand

Joined: Apr 04, 2006
Posts: 213
Hello Ben and other Ranchers ,

I have a small confusion in here. I believe we have two options for setting the Session in our servlets. The 1st being the <session-timeout> in web.xml which lets us specify in Minutes and other being session.setMaxInactiveInterval(noOfSeconds).

The confusion in here is if i have settings in both web.xml and on a servlets / jsps where i have used session.setMaxInactiveInterval(noOfSeconds)which one would be picked up ?

Secondly , I had used session.setMaxInactiveInterval(60) which means session would get invalidated after 1 minute after 1 minute it should get redirected to login.jsp where the user is asked to login again, When i try to access it , It still lets me access it. I want to know why is that happening. Why does it not go the login page ?

Thanks in advance for answering.

Yogendra Joshi.

Meri Zindagi Hain Tab Tak.. Jab Tak Tera Sahara.... Har Taraf Tu Hi Tu Hain SAI Tera Hi Hain Nazara.....
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

I would read this:

to mean that timeout settings declared at the container level are overridden by the setMaxInactiveInterval call at the application level.

Are you using container managed security or have you written your own login code? If the latter, do you have code to specifically redirect the user to the login page?

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link:
subject: Session Confusion.
It's not a secret anymore!