File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt in Session Time out.

 
raja ram
Ranch Hand
Posts: 169
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I know that when we set the session-timeout value to negative numbers session never invalidates even after calling session.invalidate() explicity.But in one of the mock
exam even


behaves in the same way. Is that correct? How can we check this?

Thanks
[ October 30, 2008: Message edited by: raja ram ]
 
Sandeep Bhandari
Ranch Hand
Posts: 201
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yes that's very much correct
 
Ander Rodriguez
Greenhorn
Posts: 4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I tryied it on Tomcat (web.xml):

<session-config>
<session-timeout>0</session-timeout>
</session-config>

On servlet:

req.getSession().setAttribute("myattribute", "0");
if(req.getParameter("invalidate")!=null){
req.getSession().invalidate();
}
RequestDispatcher dispatcher = req.getRequestDispatcher("page.jsp");
dispatcher.forward(req,resp);

On jsp:

My attribute is: ${sessionScope.myattribute}


Then when i call /MyServlet the result is My attribute is: 0

Then when i call /MyServlet?invalidate=1 the result is My attribute is:


So, i think if you call invalidate, it always invalidate your session.
 
Praveen Kumar
Ranch Hand
Posts: 133
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Always programmatic settings will win/override the declarative settings.

That means if you had negative value as session time out in DD, we can invalidate the session by using session.invalidate() api.

This should clear your doubt.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Praveen Kumar:
Always programmatic settings will win/override the declarative settings.



true....
 
raja ram
Ranch Hand
Posts: 169
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Yes i to checked,Programmatic set values will always override the declared values in DD,But My doubt is; in HFSJ Page number 273 we have.
A SESSION WHOSE TIMEOUT PERIOD HAS BEEN SET TO -1 WILL NEVER EXPIRE this statement is TRUE.

So what i understand is that this statement will be correct only when we do not explicitly call the invalidate method,In such cases the container will never time out the session, because there is no valid time out value specified.

same thing will happen even when it is set to Zero.However when we call invalidate method explicitly it is for sure to purge the session.Is My understanding Correct?

One More Question:

1.Session will be purged when the time-out has occured
2.When we call invalidate method explicitly
3.Even though the server is restarted the session can still be alive when the server comes up for the next time.because cookies will be still alive
4.Even though the session is created and cookies are clread for the next request it will create new session

I got this understanding by coding on my own and found above thing.Is this behaviour correct?

Thanks
[ October 31, 2008: Message edited by: raja ram ]
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by raja ram:
One More Question:

1.Session will be purged when the time-out has occured
2.When we call invalidate method explicitly
3.Even though the server is restarted the session can still be alive when the server comes up for the next time.because cookies will be still alive
4.Even though the session is created and cookies are clread for the next request it will create new session

I got this understanding by coding on my own and found above thing.Is this behaviour correct?


As far as i know ,you are correct
 
gurneeraj singh
Ranch Hand
Posts: 80
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yeah you are right but remember if cookies are not enabled then session will not be used again one's we logged out
 
Nishit Zaveri
Greenhorn
Posts: 14
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've doubt here: when we set <session-timeout>0</session-timeout> in web.xml, it mean session will never expire (assuming we are not doing anything explicitly). We can also set session timeout with setMaxInactiveInterval method, http://www.coderanch.com/t/418460/java-Web-Component-SCWCD/certification/setMaxInactiveInterval says when we set it to 0 that mean container will immediately expunge session. Can anyone please clear this doubt?
 
raja ram
Ranch Hand
Posts: 169
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Yes, when we set <session-timeout>0</session-timeout>in DD or setMaxInactiveInterval(0) the container will expunge the session immediately.

and in above scenario when we pass negative values then container will never expunge session on its own. TRUE only when we don't call invalidate method explicitly. However when we call invalidate method it is always guarantee to expunge the session.

when we have zero value then session will be expunged by the container immediately so when we call invalidate method explicitly it will throw IllegalStateException.

Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic