Hi Nilesh Sah,
Did you restart the server after changing the web.xml?
And where is the <session-config> element placed in the web.xml?
Also, are you checking if the session is null before processing the request?
Before processing the request, check if session is null, the session will be null if it has timed out(or invalidated). If session is null then do what you need to do if the session is invalid. I mean process the request only if the session is not NULL.
Regards,
Ganesh
SCJP 1.4
SCWCD 1.4
SCBCD 1.3