File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes session timeout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "session timeout" Watch "session timeout" New topic

session timeout

Manjesh Patil
Ranch Hand

Joined: Sep 24, 2010
Posts: 42

Can anyone clarify this concept....?

I am implementing a session timeout and re-login use case

HttpSession session=null

if(req.getRequestedSessionId()!=null && !req.isRequestedSessionIdValid()){
//in validate the session session.invalidate();
//redirect to login page.
session=req.getSession( true );

1. after 1 minutes, will this code cause session object to become null eventually?
2. s.setMaxInactiveInterval(60); does this code invalidates only the session token ordering between client and server and still keeps the server side session alive?

thanks in advance.

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 13024
1. The servlet container is allowed to invalidate the session after the timeout - happens when the container gets around to it.
2. Invalidation is on the server side of course. The client browser will still submit the same cookie ID value but there will be no corresponding session.

I agree. Here's the link:
subject: session timeout
It's not a secret anymore!