So, after all this story, I guess you know where I am coming to. We are going to learn how to invalidate a session in this chapter.
So, lets get started!!!
Invalidating sessions is important as well as tricky. You need to be cautious when you encounter questions in the exam that asks whether the session would be invalidated under a particular scenario. They might lure you into thinking that the session might be invalidated where in reality the session would be very much active.
When is session invalid Surfing to another Web site does not invalidate a session, but quitting the browser does. The user can surf from your page to somewhere else and back again without losing the session. The session will remain intact unless the user was away longer than the timeout.
The six most commonly used methods to invalidate a session are
• Calling HttpSession.setMaxInactiveInterval(int secs) method, explicitly setting how many minutes the session will last.
• The session will automatically be invalid after a certain time of inactivity (Tomcat default is 30 minutes). You need to remember that this 30 minutes is not a hard and fast rule for all servers. It might vary from one server to another and is configurable. So you can have it configured to last 25 mins in your server and I can have it to last 20 mins.
• The user closes all browser windows. Note that, here the session will timeout rather than directly triggering a session invalidation.
• The session will expire when it is explicitly invalidated by a servlet by calling invalidate().
• The server is stopped or crashes. Note that this event might not trigger a session invalidation. A Web container that permits failover might persist the session and allow a backup Web container to take over when the original server fails.
• You can set the default timeout in the web.xml file (
Don't worry about the web.xml file just yet. We shall be covering it in great detail in future so for now just remember that you can set the session timeout interval in the web.xml file and that is as much you need to know at this point of time.
Previous Chapter: Chapter 22 - Session Event Listeners
Next Chapter: Chapter 24 - Session Tracking Through URL Rewriting