Terminating sessions via the invalidate() method is common to all servlet containers. So is the fact that you can set the default session timeout to 0 or less in web.xml to turn off timeouts (by default, at least).I believe Tomcat does provide that... not sure since when (which version), though.
Finally, there is another less-commonly known feature of session timeouts -- you can vary the timeout for each request individually, by calling HttpSession.setMaxInactiveInterval(). If you have points in your application where you really do want to enforce a different timeout within the same session, it is straightforward to do so.
Craig McClanahan
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
