can any one please clear my doubt about session timeout.In HFSJ it was mentioned like this, if we give -1 as session timeout value the session will never expire.Is it true.
I am doubtful about it.If any one knows please share your knowledge.
mohana krishna wrote:If Session-timeout in DD is 0 then session will never expire
Hmm interesting, the 0 value's behavior is not specified in JavaEE 5 documentation but it is in JavaEE 6 documentation. I'll have to check the servlet specification 2.4 if 0 timeout is specified in it but if its not then it will not be asked in SCWCD 5 exam...
"The session-timeout element defines the default
session timeout interval for all sessions created
in this web application. The specified timeout
must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures
the default behaviour of sessions is never to time
out. If this element is not specified, the container
must set its default timeout period."
So If Session-timeout in DD is 0 then session will never expire.
EE5 "Specifies the time, in seconds, between client requests before the servlet container will invalidate this session.
A negative time indicates the session should never timeout. "
EE6 "Specifies the time, in seconds, between client requests before the servlet container will invalidate this session.
An interval value of zero or less indicates that the session should never timeout."
It can be set-up in the deployment descriptor:
--- minutes (<= 0, session should never expire)
- Individual session, setMaxInactiveInterval(int seconds) --- seconds (<0 never expire, 0 expire immediately).
If you define values in DD and in code then the value specified in code will override the session timeout for that session.