There are 2 inconsistencies in the way the session-timeout tag of the DD and setMaxInactiveInterval() method of HttpSession work :
1. The session-timeout value is specified in minutes, while the setMaxInactiveInterval() method accepts seconds.
2. A session-timeout value of 0 or less means that the session will never expire, while if we want to specify that a session will never expire using setMaxInactiveinterval method, a negative value (not 0) is required.
Is the second statement correct?
I think we can
test it and see but what's your answers ?