This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Doubt in Session Time out. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Doubt in Session Time out." Watch "Doubt in Session Time out." New topic
Author

Doubt in Session Time out.

raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
Hi,

I know that when we set the session-timeout value to negative numbers session never invalidates even after calling session.invalidate() explicity.But in one of the mock
exam even


behaves in the same way. Is that correct? How can we check this?

Thanks
[ October 30, 2008: Message edited by: raja ram ]
Sandeep Bhandari
Ranch Hand

Joined: Apr 16, 2004
Posts: 201
yes that's very much correct


SCJP 96% | SCWCD 90%| SCJP mock exams | My SCJP blog
Ander Rodriguez
Greenhorn

Joined: Oct 30, 2008
Posts: 4
I tryied it on Tomcat (web.xml):

<session-config>
<session-timeout>0</session-timeout>
</session-config>

On servlet:

req.getSession().setAttribute("myattribute", "0");
if(req.getParameter("invalidate")!=null){
req.getSession().invalidate();
}
RequestDispatcher dispatcher = req.getRequestDispatcher("page.jsp");
dispatcher.forward(req,resp);

On jsp:

My attribute is: ${sessionScope.myattribute}


Then when i call /MyServlet the result is My attribute is: 0

Then when i call /MyServlet?invalidate=1 the result is My attribute is:


So, i think if you call invalidate, it always invalidate your session.
Praveen Kumar
Ranch Hand

Joined: Nov 06, 2006
Posts: 133
Always programmatic settings will win/override the declarative settings.

That means if you had negative value as session time out in DD, we can invalidate the session by using session.invalidate() api.

This should clear your doubt.
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by Praveen Kumar:
Always programmatic settings will win/override the declarative settings.



true....
raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
Hi,

Yes i to checked,Programmatic set values will always override the declared values in DD,But My doubt is; in HFSJ Page number 273 we have.
A SESSION WHOSE TIMEOUT PERIOD HAS BEEN SET TO -1 WILL NEVER EXPIRE this statement is TRUE.

So what i understand is that this statement will be correct only when we do not explicitly call the invalidate method,In such cases the container will never time out the session, because there is no valid time out value specified.

same thing will happen even when it is set to Zero.However when we call invalidate method explicitly it is for sure to purge the session.Is My understanding Correct?

One More Question:

1.Session will be purged when the time-out has occured
2.When we call invalidate method explicitly
3.Even though the server is restarted the session can still be alive when the server comes up for the next time.because cookies will be still alive
4.Even though the session is created and cookies are clread for the next request it will create new session

I got this understanding by coding on my own and found above thing.Is this behaviour correct?

Thanks
[ October 31, 2008: Message edited by: raja ram ]
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by raja ram:
One More Question:

1.Session will be purged when the time-out has occured
2.When we call invalidate method explicitly
3.Even though the server is restarted the session can still be alive when the server comes up for the next time.because cookies will be still alive
4.Even though the session is created and cookies are clread for the next request it will create new session

I got this understanding by coding on my own and found above thing.Is this behaviour correct?


As far as i know ,you are correct
gurneeraj singh
Ranch Hand

Joined: Mar 19, 2008
Posts: 80
Yeah you are right but remember if cookies are not enabled then session will not be used again one's we logged out


SCJP 5.0 93%<br /> <br />SCWCD 5.0 97 %
Nishit Zaveri
Greenhorn

Joined: Oct 07, 2008
Posts: 14
I've doubt here: when we set <session-timeout>0</session-timeout> in web.xml, it mean session will never expire (assuming we are not doing anything explicitly). We can also set session timeout with setMaxInactiveInterval method, http://www.coderanch.com/t/418460/java-Web-Component-SCWCD/certification/setMaxInactiveInterval says when we set it to 0 that mean container will immediately expunge session. Can anyone please clear this doubt?


Nishit.
raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
Hi,

Yes, when we set <session-timeout>0</session-timeout>in DD or setMaxInactiveInterval(0) the container will expunge the session immediately.

and in above scenario when we pass negative values then container will never expunge session on its own. TRUE only when we don't call invalidate method explicitly. However when we call invalidate method it is always guarantee to expunge the session.

when we have zero value then session will be expunged by the container immediately so when we call invalidate method explicitly it will throw IllegalStateException.

Thanks
 
wood burning stoves
 
subject: Doubt in Session Time out.