The session timeout in a web application can be configurable in two ways

1) Timeout in the deployment descriptor (web.xml)

- Specified the timeout value in “minute” , enclose with “session-config” element.

<web-app ...>
	<session-config>
		<session-timeout>20</session-timeout>
	</session-config>
</web-app>

The above setting is apply for the entire web application, and session will be kill by container if client doesn’t make any request after 20 minutes.

2) Timeout with setMaxInactiveInterval()

- You can manually specified the timeout value in “second” for a particular session.

HttpSession session = request.getSession();
session.setMaxInactiveInterval(20*60);

The above setting is only apply on session which call the “setMaxInactiveInterval()” method, and session will be kill by container if client doesn’t make any request after 20 minutes.

Thoughts….

This is a bit confusing , the value in deployment descriptor (web.xml) is in “minute”, but the setMaxInactiveInterval() method is accept the value in “second”. Both functions should synchronize it in future release :)

Tags :
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider making a donation to the charity, thanks.

Related Posts

Popular Posts