• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session timeout

 
Manjesh Patil
Ranch Hand
Posts: 42
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can anyone clarify this concept....?

I am implementing a session timeout and re-login use case

HttpSession session=null

if(req.getRequestedSessionId()!=null && !req.isRequestedSessionIdValid()){
//in validate the session session.invalidate();
//redirect to login page.
}
session=req.getSession( true );
s.setMaxInactiveInterval(60);

1. after 1 minutes, will this code cause session object to become null eventually?
2. s.setMaxInactiveInterval(60); does this code invalidates only the session token ordering between client and server and still keeps the server side session alive?

thanks in advance.

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13061
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. The servlet container is allowed to invalidate the session after the timeout - happens when the container gets around to it.
2. Invalidation is on the server side of course. The client browser will still submit the same cookie ID value but there will be no corresponding session.

Bill
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic