When you are done with a user's session data, you have several options −
Remove a particular attribute − You can call the public void removeAttribute(String name) method to delete the value associated with the particular key.
Delete the whole session − You can call the public void to invalidate() method to discard an entire session.
Setting Session timeout − You can call the public void setMaxInactiveInterval(int interval) method to set the timeout for a session individually.
Log the user out − The servers that support servlets 2.4, you can call log out to log the client out of the Web server and invalidate all sessions belonging to all the users.
web.xml Configuration − If you are using Tomcat, apart from the above-mentioned methods, you can configure the session time out in web.xml file as follows.
<session-config> <session-timeout>15</session-timeout> </session-config>
The timeout is expressed as minutes and overrides the default timeout which is 30 minutes in Tomcat.
The getMaxInactiveInterval( ) method in a servlet returns the timeout period for that session in seconds. So if your session is configured in web.xml for 15 minutes, getMaxInactiveInterval( ) returns 900.