I have question on session invalidation. I design the login page by using jsp. i did the business logic in servlet.
I want to invalidate my session after 10 seconds of idle state of user and again i want to redirect to my login page. please help me how to write the code for this task.
i write something like below code , in that code i think some where i did the mistake.
Actually in this i set setMaxInactiveInterval to 10seconds.
Whether you set the timeout value in web.xml or in your code (after you have logged the user in) you do not invalidate the session yourself. The servlet container does it for you. Why else you even would have a method called setMaxInactiveInterval() if setting it does not have any effect?
So you just check (in a servlet filter preferably or (bad choice) in every servlet in your application) if the session exists and do the redirect if it does not. At least that is one way to do it. Maybe there is a better way to do the redirect in web.xml as well.