I'm a little bit confused when it comes to using 0 or -1 with setMaxInactiveInterval for the session and setMaxAge for the cookie.
Here is what I mean
1 - What invalidates the session automatically ? setMaxInactiveInterval(0) or setMaxInactiveInterval(-1)
2 - What makes the cookie disapears automatically when the users exits setMaxAge(0) or setMaxAge(-1) ?
SCJP 5 (76%)
SCWCD 5 (86%)
"The greatest glory in living lies not in never falling, but in raising every time we fall.".. Nelson Mandela
Phillipe Eduardo Lemos
posted 7 years ago
Hi Mamadou Tour�
The method setMaxInactiveInterval set the time in seconds between the clients requests before sevlet container invalidate the session. The negative values indicate that session will never timeout. If you want to invalidate the session it has two possibilities a) call invalidate method of HttpSession. b) set setMaxInactiveInterval to zero.
The method setMaxAge set the maximum age of cookie in seconds. The positive values indicate that the cookie will expire after that many seconds have passed. The negative value means that the cookie it's not stored persistently and will be deleted when the browser exits. If the value is zero the cookie will delete. (see http://java.sun.com/j2ee/1.4/docs/api/index.html)