• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Doubt in Session Time out.

 
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I know that when we set the session-timeout value to negative numbers session never invalidates even after calling session.invalidate() explicity.But in one of the mock
exam even


behaves in the same way. Is that correct? How can we check this?

Thanks
[ October 30, 2008: Message edited by: raja ram ]
 
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
yes that's very much correct
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I tryied it on Tomcat (web.xml):

<session-config>
<session-timeout>0</session-timeout>
</session-config>

On servlet:

req.getSession().setAttribute("myattribute", "0");
if(req.getParameter("invalidate")!=null){
req.getSession().invalidate();
}
RequestDispatcher dispatcher = req.getRequestDispatcher("page.jsp");
dispatcher.forward(req,resp);

On jsp:

My attribute is: ${sessionScope.myattribute}


Then when i call /MyServlet the result is My attribute is: 0

Then when i call /MyServlet?invalidate=1 the result is My attribute is:


So, i think if you call invalidate, it always invalidate your session.
 
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Always programmatic settings will win/override the declarative settings.

That means if you had negative value as session time out in DD, we can invalidate the session by using session.invalidate() api.

This should clear your doubt.
 
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Praveen Kumar:
Always programmatic settings will win/override the declarative settings.



true....
 
raja ram
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Yes i to checked,Programmatic set values will always override the declared values in DD,But My doubt is; in HFSJ Page number 273 we have.
A SESSION WHOSE TIMEOUT PERIOD HAS BEEN SET TO -1 WILL NEVER EXPIRE this statement is TRUE.

So what i understand is that this statement will be correct only when we do not explicitly call the invalidate method,In such cases the container will never time out the session, because there is no valid time out value specified.

same thing will happen even when it is set to Zero.However when we call invalidate method explicitly it is for sure to purge the session.Is My understanding Correct?

One More Question:

1.Session will be purged when the time-out has occured
2.When we call invalidate method explicitly
3.Even though the server is restarted the session can still be alive when the server comes up for the next time.because cookies will be still alive
4.Even though the session is created and cookies are clread for the next request it will create new session

I got this understanding by coding on my own and found above thing.Is this behaviour correct?

Thanks
[ October 31, 2008: Message edited by: raja ram ]
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by raja ram:
One More Question:

1.Session will be purged when the time-out has occured
2.When we call invalidate method explicitly
3.Even though the server is restarted the session can still be alive when the server comes up for the next time.because cookies will be still alive
4.Even though the session is created and cookies are clread for the next request it will create new session

I got this understanding by coding on my own and found above thing.Is this behaviour correct?



As far as i know ,you are correct
 
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yeah you are right but remember if cookies are not enabled then session will not be used again one's we logged out
 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've doubt here: when we set <session-timeout>0</session-timeout> in web.xml, it mean session will never expire (assuming we are not doing anything explicitly). We can also set session timeout with setMaxInactiveInterval method, https://coderanch.com/t/418460/java-Web-Component-SCWCD/certification/setMaxInactiveInterval says when we set it to 0 that mean container will immediately expunge session. Can anyone please clear this doubt?
 
raja ram
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Yes, when we set <session-timeout>0</session-timeout>in DD or setMaxInactiveInterval(0) the container will expunge the session immediately.

and in above scenario when we pass negative values then container will never expunge session on its own. TRUE only when we don't call invalidate method explicitly. However when we call invalidate method it is always guarantee to expunge the session.

when we have zero value then session will be expunged by the container immediately so when we call invalidate method explicitly it will throw IllegalStateException.

Thanks
 
Don't mess with me you fool! I'm cooking with gas! Here, read this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic