Is it advisable to set
<session-config>
<session-timeout>-1</session-timeout>
</session-config>
what are the dis advantages of doing so ??? Is there any better way to make sure the session never expires ???
Asked
Active
Viewed 151 times
0
Ragesh Kr
- 1,573
- 8
- 29
- 46
-
What is it you want? Do you really want a session to never expire? Or do you want the session never to expire while the user is active on the website? Different questions, different solution. Setting the session to never expire will probably lead to server starvation in the end. `HttpSession`s take up memory, if they hang around for ever and ever your memory will be eaten by inactive sessions. – M. Deinum Jan 29 '14 at 13:48
-
I want the session to say Untill the user logs out. Untill he logs out the session shld stay it shouldnt expire.. – Ragesh Kr Jan 29 '14 at 14:20
-
Then use a heartbeat or something (i.e. from a javascript function call something on the server). The session-timeout doesn't mean the session is only active for 30 minutes (or what value you put in there), but that the session will time-out after 30 minutes of inactivity. – M. Deinum Jan 29 '14 at 14:59
1 Answers
0
There are no disadvantages. That just means the session won't expire. How would there be a "better" way?
Kayaman
- 72,141
- 5
- 83
- 121