If i understand you question correctly.. here's an answer.
Use a filter to force to check if a session is existing on the client side. If the session is just new or non existant then redirect to your desired page. However this might be a problem if you have login and logout.
Another solution would be to check for the "referrer" header.
well i'm answering my question. apparently the <session-timeout> is a "global" setting. but the session.setMaxInactiveInterval(int) are for specifics or "local" settings.
global meaning those sessions that didn't have their setMaxInactiveInterval set will use the one from the dd. but for those you went thru to the setMaxInactiveInterval will use the one that was set for that specific session object.
I'm wondering if who has the higher priority? For example if a webapp has a DD declared , 15 being 15 mins and then a servlet sets the , 5 being 5 seconds; which does the servlet container favors? the DD declaration or the method call?
Yes. One servlet per JVM One Servlet One JVM. Two Servlets (of the same class and <servlet-name> in web.xml) cannot exist in a single JVM. therefor you can have Two servlets (of the same class and <servlet-name> in web.xml) in Two JVM (correspondingly)
well, no. because there's only one instance of a servlet. meaning for every request made there's only one instance but it will have a thread of execution per request.
so if you have a servlet class that has private static/instance variables it will be used for every request. if request1 did a change on an class or instance variable then request2 will see that change.
Dan's questions are tougher than the ones in the actual exam. I suggest that you take Dan's mock exams after reading the K&B book. Then if you can go through Dan's questions you'll be very confident when you're taking the exam.