tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: scope of a bean
Date Fri, 08 Dec 2000 17:25:02 GMT
Randy Layman wrote:

> Section 1.4.3 of the JSP 1.1 Final Spec (page 24).  Its available at
> <>
> My own understanding:  Session starts at the first time a user in a
> particular web browser instance requests a "resource" from Tomcat.  The
> session ends after the user hasn't make any more requests - default
> configuration this is about 30 minutes (I believe, I've always reset this to
> something else).  There are some caveats about the instances of web browsers
> - some browsers have bugs that allow a session to be used by two separate
> instances if you're using cookie based sessions.

With slightly more precision:

* A session starts when a request is made to a servlet or JSP page
  that initiates it.  For servlets, you have to do this deliberately by
  calling request.getSession().  JSP pages create a session for you
  (if it doesn't exist already) unless you tell it not to in your <%@ page %>

* A session ends when it either times out (see more below) or you
  call session.invalidate() on it.  The latter would typically be done
  by your "logout" processing.

Session timeouts are based on the time between requests, not the total time that
the session has been in existence.  The default session timeout is configured in
your web.xml file; you can also adjust it on the fly by calling

You will want the servlet 2.2 spec (referenced in an earlier email message) as
well as the JSP spec to get the complete picture here.

>     Randy

Craig McClanahan

View raw message