How can I specify the age of the cookie (single-session or persistent) set by the Servlets session tracking APIs?

Alex Chaffee

The current specs (2.2 and 2.3) allow the app developer to set the "session timeout" in minutes in the <session-config><session-timeout> element.

However, as far as I can tell, there is no standard way to specify the age of the cookie the servlet container uses to drop the session ID on the browser.

One reason this could be useful is to set the cookie age to -1, guaranteeing that a session never lasts longer than the current browser session, regardless of its longevity inside the server.