By default the JSESSIONID
cookie is expired when you close the browser, but how long is the associated HttpSession
really valid on the server side?
The default is 10 minutes. Session. Timeout has no hard-coded limit. Most Web administrators set this property to 8 minutes.
In the TCP Session Timeout Duration field, enter the time, in seconds, after which inactive TCP sessions are removed from the session table. Most TCP sessions terminate normally when the RST or FIN flags are detected. This value ranges from 0 through 4,294,967 seconds. The default is 1,800 seconds (30 minutes).
20 minuts is default timeout.
By default, a session ends (times out) after 30 minutes of user inactivity. There is no limit to how long a session can last.
It defaults to 30 minutes on most containers which you can configure by <session-config>
in your webapp's web.xml
.
<session-config>
<session-timeout>10</session-timeout>
</session-config>
The above example will change the server side session timeout to 10 minutes. So in other words, when the client do not interact with the server for more than 10 minutes (even though the browser is kept open that long), then the session will expire on the server side. Any next request will create a new session.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With