Hi Gary, can't tell for sure, but if its true what they say in the API docs, sessions with maxInterval set to a negative value should never time out. 'Never' is not equal to 'not never', I guess, so I would expect the server just won't say invalidate() by itself (and reclaim resources), but to keep the session active at least until next restart (and this only if the session information is kept in memory and not stored in a database which depends on the implementation - keep the 'distributable' tag in mind here). Meanwhile, the client almost certainly will have ended conversation; session cookies are expired and url rewriting info be lost. In a dynamic application and due to the request/response model, there is no means of regaining the SessionID, so I presume the 'old' session will still be hanging around if the user didn't explicitly log out, but just closed his browser. I wouldn't recommend to switch off the timout mechanism comple- tely, but to set the timeout interval to reasonable values, may that be 24 hrs or longer in your case. Keep in mind that this means 24hrs or more without a single request...better check for life signals first if you still experience timouts in such a case ;)
-- Chris (SCPJ2) ----- Original Message ----- From: "Gary Ekins" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 10, 2002 6:28 PM Subject: Session expiration > Hi all, > > I'm sure this question has been answered before, but I can't for the life of > me find the answer anywhere. > > I'm developing a system which uses the session API for log in/outs. I don't > want a user's session to timeout, so I'm calling > session.setMaxInactiveInterval(-1) which works fine. But my question is - > do these sessions ever actually expire? > > i.e. a user logs on on a Monday morning and they then switch their computer > off Monday evening. When they start again on the Tuesday they'll obviously > get a new session, but is the old one still hanging around on the server at > that time? And what about on the Friday? Or the week/month after?! > > So: Is there any way to control or predict when the inactive session > actually becomes expired? > > Many thanks, > Gary. > > ------------------------------------------------------ > Email me - [EMAIL PROTECTED] > K's Web - http://www.kingstonian.net > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
