
Clarify my Assumption Regarding Session

Parthiban Malayandi
Ranch Hand

Joined: Apr 15, 2008
Posts: 70
Hi all,

I'm studying the Head First Servlets and JSP book. In Chapter 6 (Conversation State) I came to know that one of the ways to invalidate a session is either by calling the setMaxInactiveInterval method of the HttpSession interface or by specifying the <session-timeout> tag in the DD.

Author explained the difference between the two ways like this:

The time (in minutes) specified in the <session-timeout> tag is applicable for ALL sessions, whereas setMaxInactiveInterval() overrides that global time set by the <session-timeout> tag for that particular session, if specified.

What confuses me is this:

At any time there will be only ONE session for a particular client (browser), so I think that "ALL Sessions" by the author is meant from the server's point of view. Am I correct?

So here is my assumption:
Since there will be only ONE session per client at any time, "ALL Sessions" is meant from the server's point of view (one per client).

Please tell me whether my assumptions are correct or not. If not, please clarify.

Thanks in advance

Ankit Garg

Joined: Aug 03, 2008
Posts: 9462

I couldn't understand your point properly but I think you are getting it wrong. Suppose you use <session-timeout> to set the session timeout to 20 minutes. Now there are two login panels in your site. In one of them, the servlet code to log in the user looks like this

So now for this user, the timeout will be 20 minutes. So if they don't do any activity for 20 minutes, their session will expire. In the second login panel, the servlet code to log in the user looks like this

Now this user can remain inactive for 30 minutes before their session expires. So basically the <session-timeout> value is used to decide the session's timeout period if you don't provide one using the setMaxInactiveInterval() method...

Jitendra Takalkar

Joined: Jan 12, 2007
Posts: 9
Problem statement:
XYZ is a web-based system and the users of the system belong to departments. There are two departments,
finance and personal. The requirement is that for users belonging to the finance department the session timeout
is 10 minutes, and for users other than finance the session timeout should be 30 minutes.

Possible approach:
1. Set default session time out using
to 30 minutes.
2. After successful user authentication check for the user department.

If department is finance Then
API to override 30 min session time out
to 10 minutes, and this session timeout will be applicable to that user only, not to other users and their
session timeout.
End IF

Hope this example helps you to get a clear understanding of the difference between
use of
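
The approach described in the two replies above, written out as an added example (it is not code from the thread or from the book). It assumes the `javax.servlet` API on the classpath and a `web.xml` default of 30 minutes; `authenticate` and `lookupDepartment` are hypothetical stand-ins for the application's own logic.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Assumes web.xml carries the application-wide default:
//   <session-config><session-timeout>30</session-timeout></session-config>
// <session-timeout> is in MINUTES; setMaxInactiveInterval() takes SECONDS.
public class LoginServlet extends HttpServlet {

    private static final int FINANCE_TIMEOUT_MINUTES = 10;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("user");
        if (!authenticate(user, req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // A new session starts with the container default (30 minutes here).
        HttpSession session = req.getSession(true);
        session.setAttribute("user", user);

        if ("finance".equals(lookupDepartment(user))) {
            // Overrides the default for THIS session object only;
            // sessions of other clients keep the 30-minute default.
            session.setMaxInactiveInterval(
                    (int) TimeUnit.MINUTES.toSeconds(FINANCE_TIMEOUT_MINUTES));
        }

        resp.setContentType("text/plain");
        resp.getWriter().printf("timeout for %s: %d seconds%n",
                user, session.getMaxInactiveInterval());
    }

    // Hypothetical stand-in: replace with the real credential check.
    private boolean authenticate(String user, String password) {
        return user != null && password != null && !password.isEmpty();
    }

    // Hypothetical stand-in: replace with the real department lookup.
    private String lookupDepartment(String user) {
        return user.startsWith("fin-") ? "finance" : "personal";
    }
}
```

Passing `10` directly to `setMaxInactiveInterval()` would expire the session after ten seconds, not ten minutes, which is why the conversion is explicit.
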
Parthiban Malayandi
Ranch Hand

Joined: Apr 15, 2008
Posts: 70
Hi Ankit and Jitendra

Thanks for your replies and sorry for the delayed reply of mine.

I'm clear about the difference between the two.

To be very precise, the following is the extract from chapter 6 (page no: 245)

If you want to change the session-timeout value for
a particular session instance (without affecting the
timeout length for any other sessions in the app):


I understood that for a particular client (browser) at any time there will be only one session (one jsessionId cookie) in both the server (web container) and the client (browser),
so in that sentence "any other sessions" refers to the sessions in the server for other clients.

Am I right?
