According to the Servlet specification, session can be set to never timeout by setting the timeout period to -1.
If the session never times out then the only time the session object should be garbage collected is if the user explicitly logs off the system. Doesn't this present a situation where the number of session objects being persisted on the server could grow without bound until the server itself crashed? I imagine that this would happen if users consistently exited the application by closing the browser instead of using the application's logoff feature.
I hope that I have missed something as this sounds like a serious pitfall...
> According to the Servlet specification, session can be set > to never timeout by setting the timeout period to -1. > > If the session never times out then the only time the > session object should be garbage collected is if the user > explicitly logs off the system. Doesn't this present a > situation where the number of session objects being > persisted on the server could grow without bound until the > server itself crashed? I imagine that this would happen if > users consistently exited the application by closing the > browser instead of using the application's logoff > feature. > > I hope that I have missed something as this sounds like a > serious pitfall...
closing the browser window closes the session as well.
Previous Topic
