The following are the precautions when setting a session timeout:

• Value set for session timeout
  Do not set indefinite session timeout. When indefinite period is set, the area for storing the session information is not released, so memory is continuously consumed.
  
• Specifying the <session-timeout> tag in web.xml
  The valid range of the value specified in the <session-timeout> tag in web.xml is -35,791,394 to 35,791,394. Specify a value in this range.
  

The specification of <init-param>, <load-on-startup>, and <security-role-ref> tags included in the <servlet> tag on web.xml is enabled only when you access servlets or JSP files relevant to the URL pattern defined in the <servlet-mapping> tag. Therefore, the specification is not enabled when the JSP file path is directly specified without the mapping definition in the URL or when the servlet class is specified in the URL using /servlet/ prefix and executed.

When you use the <security-role> tag of web.xml, you must resolve the security role references using the server management commands in the execution environment of the J2EE server mode.

For the Servlet 2.2 specifications and Servlet 2.3 specifications, if you specify the <error-page> tag in web.xml, the status code 200 will be returned when that error page is displayed. If you specify the error page for status code 401, the status code 401 becomes 200, and therefore, you cannot use this error page with Basic authentication. When you use Basic authentication, do not specify the error page for status code 401.

The <run-as> tag, specified in the <servlet> tag element of web.xml, is used when the Enterprise Bean is invoked from the specified servlets or JSPs and is not related to the authentication in Web containers.

Therefore, the <run-as> tag does not affect the isUserInRole method and the getUserPrincipal method of the javax.servlet.http.HttpServletRequest class used for referencing the authentication results in the Web container. For example, even if the isUserInRole method of javax.servlet.http.HttpServletRequest, specifying the role name coded in the <run-as> tag in the argument, is invoked from the servlet or JSP file, the return value is false.

The servlets and JSPs specifying the null character in the <load-on-startup> tag (specified as <load-on-startup></load-on-startup> or <load-on-startup/>) are loaded when the Web module is deployed assuming that 2,147,483,647 is specified in the <load-on-startup> tag.

The <display-name> tag included under the <web-app> tag is used as the file name in the work directory. Specify the display-name in such a way so that the path length of the work directory does not reach the maximum path length defined for the platform (the default is specified on the basis of the WAR file name). For details on estimating the path length of the work directory, see Appendix C.1 Work directory of J2EE server in the manual uCosminexus Application Server System Setup and Operation Guide.

The following table describes the coded contents of web.xml and J2EE server operations when the J2EE applications are compliant with Servlet 2.3:

Table 5-2 Coded contents of web.xml and server operations (1.4 mode)

No.	Coded contents of web.xml	Server operations
1	When webserver.xml.validate=false is specified in property and tags required in the DTD specifications are not coded	An error occurs when importing WAR files.
2	When the <filter-name> tag element included in the <filter> tag is assumed to be an empty element and the <filter-name> tag element included in the <filter-mapping> tag is also assumed to be an empty element	Not executed.
3	The <listener-class> tag element included in the <listener> tag is assumed to be an empty element	The specification of the <listener> tag is ignored and the operation is executed normally.
4	When webserver.xml.validate=false is specified in the property and a tag that can be specified only once in the DTD specifications is coded multiple times	An error occurs when importing the WAR file.
5	When multiple <filter-mapping> tags are coded in the element	The doFilter method is invoked only once.
6	When the parent tags, the tags forming keys as elements under the parent tag, and tags with other information are coded multiple times and when the elements of the tags forming the keys are the same and the other information is different	The parent tag coded first is enabled.
7	When webserver.xml.validate=false is specified in the property and tags are coded in an order that is not defined in the DTD specifications	An error occurs when importing the WAR file.
8	When a string not beginning with '/' is coded in the <jsp-file> tag	'/' is added at the beginning and executed normally.
9	When a string not beginning with '/' other than '*.' is coded in the following <url-pattern> tags: <servlet-mapping>-<url-pattern> <security-constraint>-<web-resource-collection>-<url-pattern>	'/' is added at the beginning and executed normally.
10	When a null character is coded in the <extension> tag element included in the <mime-mapping> tag	An error occurs when importing WAR files.
11	When a null character is coded in the <mime-type> tag element included in the <mime-mapping> tag	An error occurs when importing WAR files.
12	When a null character is coded in the <error-code> tag element included in the <error-page> tag	An error occurs when importing WAR files.
13	When a null character is coded in the <transport-guarantee> tag	An error occurs when importing WAR files.
14	When a null character is coded in the <form-login-page> tag or the <form-error-page> tag	The settings are ignored when importing WAR files.
15	When a null character is specified in the <env-entry-type> tag, <ejb-ref-type> tag, or <ejb-ref-type> tag	An error occurs when importing WAR files.
16	When the <security-constraint> tag is set and the <auth-method> tag is omitted	Imported as Basic authentication.

When the schema is set in such a way so that https is assumed using the gateway specification functionality, even if the request to the Web server is http, https is assumed. As a result, even if INTEGRAL and CONFIDENTIAL is specified in the <transport-guarantee> tag of web.xml, the URL is not redirected to https URL.

If the upper case and lower case characters of the tag library descriptor (TLD file) path specified in the <taglib-location> tag of web.xml or the taglib directive of JSP differ from the actual path, the operations are normal on Windows, but an error occurs in UNIX.

When you migrate the user programs running on Windows to UNIX, check whether the upper case and lower case characters of the tag library descriptor (TLD file) path specified in the <taglib-location> tag of web.xml or the taglib directive of JSP differ from the actual path.

Do not code an internal subset for the DOCTYPE declaration in web.xml. Use only DTD / XML schema defined in the Java EE specifications.

You cannot code Processing Instruction, XInclusion, and a name space prefix with the DD of each project. Even if the value is coded, the value is not read correctly.