Clarify my Assumption Regarding Session

 
Ranch Hand
Posts: 70
Hi all,

I'm studying the Head First Servlets and JSP book. In Chapter 6 (Conversation State) I came to know that one of the ways to invalidate a session is either by calling the setMaxInactiveInterval method from the HttpSession interface or by specifying the <session-timeout> tag in the DD.

The author explained the difference between the two ways like this:

The time (in minutes) specified in the <session-timeout> tag is applicable for ALL sessions, whereas setMaxInactiveInterval() overrides that global time set by the <session-timeout> tag for that particular session, if specified.

What confuses me is this:

At any time there will be only ONE session for a particular client (browser), so I think that "ALL sessions" by the author is meant from the server's point of view. Am I correct?

So here is my assumption:
Since there will be only ONE session per client at any time, "ALL sessions" is meant from the server's point of view (one per client).

Please tell me whether my assumptions are correct or not. If not, please clarify.


Thanks in advance

 
Sheriff
Posts: 9707
I couldn't understand your point properly, but I think you are getting it wrong. Suppose you use <session-timeout> to set the session timeout to 20 minutes. Now there are two login panels on your site. In one of them, the servlet code to log in the user looks like this



So now for this user, the timeout will be 20 minutes. So if they don't do any activity for 20 minutes, their session will expire. In the second login panel, the servlet code to log in the user looks like this



Now this user can remain inactive for 30 minutes before their session expires. So basically the <session-timeout> value is used to decide the session's timeout period if you don't provide one using the setMaxInactiveInterval() method...
 
Greenhorn
Posts: 9
Problem statement:
==================
XYZ is a web-based system, and the users of the system belong to a department. There are two
departments, finance and personal. The requirement is that for users belonging to the finance
department the session timeout is 10 minutes, and for users other than finance the session
timeout should be 30 minutes.

Possible approach:
==================
1. Set the default session timeout using <session-timeout></session-timeout> to 30 minutes.
2. After successful user authentication, check the user's department.

If department is finance Then
    use the HttpSession.setMaxInactiveInterval() API to override the 30-minute session timeout
    with 10 minutes. This session timeout will apply to that user only, not to other users
    and their session timeouts.
End IF


Hope this example helps you get a clear understanding of the difference between the use of
<session-timeout></session-timeout> and HttpSession.setMaxInactiveInterval().
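
The approach described in the post above, as an added example that is not part of the original thread: a login servlet that leaves the web.xml default of 30 minutes in place and shortens the idle timeout to 10 minutes for finance users only. It assumes the javax.servlet API (Servlet 3.0 or later), container-managed login and a realm role named finance; the form field names and the /home path are also assumptions.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Assumes web.xml holds the application-wide default, in MINUTES:
//   <session-config><session-timeout>30</session-timeout></session-config>
public class LoginServlet extends HttpServlet {

    static final String FINANCE_ROLE = "finance";   // assumed realm role name
    static final int FINANCE_TIMEOUT_MINUTES = 10;  // stricter limit from the post

    // setMaxInactiveInterval() takes SECONDS, unlike <session-timeout>.
    // Returns -1 when the web.xml default should be left in place.
    static int overrideSeconds(boolean isFinance) {
        return isFinance
                ? (int) TimeUnit.MINUTES.toSeconds(FINANCE_TIMEOUT_MINUTES)
                : -1;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        try {
            // Container-managed login; the parameter names are assumptions.
            req.login(req.getParameter("user"), req.getParameter("password"));
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession session = req.getSession();  // starts with the 30-minute default
        int seconds = overrideSeconds(req.isUserInRole(FINANCE_ROLE));
        // Guard the call: zero or a negative interval means "never time out".
        if (seconds > 0) {
            session.setMaxInactiveInterval(seconds);  // this session only
        }
        resp.sendRedirect(req.getContextPath() + "/home");  // assumed landing page
    }
}
```
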
 
Parthiban Malayandi
Ranch Hand
Posts: 70
Hi Ankit and Jitendra

Thanks for your replies and sorry for the delayed reply of mine.

I'm clear about the difference between the two.

To be very precise, the following is the extract from Chapter 6 (page no: 245):

If you want to change the session-timeout value for
a particular session instance (without affecting the
timeout length for any other sessions in the app):

session.setMaxInactiveInterval(20*60);


I understood that for a particular client (browser) at any time there will be only one session (one jsessionId cookie) in both the server (web container) and the client (browser),
so in that sentence "any other sessions" refers to the sessions in the server for other clients.

Am I right ?


 