TechQA.

Ideal Spring Session Timeout Configuration

734 views Asked by At

You can either set the session timeout (say 60 minutes) for all sessions in web.xml:

<session-config>
  <session-timeout>60</session-timeout>
</session-config>

or on a per-session basis using

session.setMaxInactiveInterval(60*60);

the latter you might want to do in a authorizationSuccessHandler.

<form-login authentication-success-handler-ref="authenticationSuccessHandler"/>

My questions:

  1. Are the two approaches mentioned above same ?
  2. If not, how to set inactive timeout as described in second approach via Spring Configuration XML?
  3. What is the ideal approach to set set session timeout in spring framework?
spring spring-mvc session spring-security spring-session
Original Q&A
1

There are 1 answers

0
sagarr On

Are the two approaches mentioned above same ?

Yes, only difference is in former case session timeout is set by servlet container e.g tomcat and in later case its done by Spring.

If not, how to set inactive timeout as described in second approach via Spring Configuration XML?

You have to write custom filter to set session timeout, as far as my knowledge goes there nothing where you can set session time out in Spring XML

What is the ideal approach to set set session timeout in spring framework?

Let the session timeout handle by container like one you define in web.xml, if you are changing session time a lot in running app, then you can consider Spring managed session timeout by using interceptor.

Related Questions in SPRING

Related Questions in SPRING-MVC

Related Questions in SESSION

Related Questions in SPRING-SECURITY

Related Questions in SPRING-SESSION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions