there are many wrong answers on this post ... it would be better if we double check for the answer before posting it, from the
Java specs :
setMaxInactiveInterval
public void setMaxInactiveInterval(int interval)
Specifies the time, in seconds, between client requests before the
servlet container will invalidate this session. A negative time indicates the session should never timeout.
Parameters:
interval - An integer specifying the number of seconds
*Conclusion: for the method setMaxInactiveInterval(x) it means
1) x > 0 ----> you set the idle time in seconds that will invalidate that specific session object
2) x < 0 ----> that specific session object will never expire, ofcourse unless you shut down your web container
3) x = 0 ----> it will have the same meaning as calling sessionObject.invalidate()
while for the <session-timeout> tag in the web.xml file describes the session timeout in minutes, if its 0 or negative means never timeout, and it defaults to 30