JSESSIONID Cookie with Expiration Date in Tomcat

What's the best way to set an expiration date for the JSESSIONID cookie sent by Tomcat for a servlet session?

By default, the expiration date of the cookie seems to be 'session', which means that the session disappears in the client as soon as the browser restarts. But I would like to keep it open for 12h, even after a browser restart (and would then configure the session timeout in the server accordingly).

Is there any way to set an expiration date within Tomcat, e.g. using some configuration option or extension module? Or is there a reliable way to set an expiration date for JSESSIONID using a Servlet filter?

Tim Jansen asked Feb 08 '11 12:02




1 Answer

As of Servlet 3.0, this can simply be specified in the web.xml:

<session-config>
    <session-timeout>720</session-timeout> <!-- 720 minutes = 12 hours -->
    <cookie-config>
        <max-age>43200</max-age> <!-- 43200 seconds = 12 hours -->
    </cookie-config>
</session-config>

Note that session-timeout is measured in minutes but max-age is measured in seconds.

Sander answered Oct 19 '22 21:10
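A check for the unit mix-up the answer's note warns about, as an added example that is not part of the original answer: it reads a web.xml and reports when session-timeout (minutes, counted as idle time) and max-age (seconds) describe different lifetimes. The function name `audit_session_config` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the answer's values in a <web-app> root, then the units swapped.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <session-timeout>{timeout}</session-timeout>
    <cookie-config><max-age>{max_age}</max-age></cookie-config>
  </session-config>
</web-app>"""
PAGE_CONFIG = WEB_XML.format(timeout=720, max_age=43200)
SWAPPED_UNITS = WEB_XML.format(timeout=43200, max_age=720)


def _child(parent, name):
    """First child element called `name`, ignoring the namespace web.xml declares."""
    if parent is not None:
        for node in parent:
            if node.tag.rsplit("}", 1)[-1] == name:
                return node
    return None


def _int(parent, name):
    node = _child(parent, name)
    text = (node.text or "").strip() if node is not None else ""
    return int(text) if text else None


def audit_session_config(web_xml):
    """Return a list of findings; an empty list means the two lifetimes agree."""
    session = _child(ET.fromstring(web_xml), "session-config")
    timeout_min = _int(session, "session-timeout")                   # minutes
    max_age_s = _int(_child(session, "cookie-config"), "max-age")    # seconds
    if max_age_s is None or max_age_s <= 0:
        return ["no positive max-age: JSESSIONID does not survive a browser restart"]
    if timeout_min is None:
        return ["max-age is set but session-timeout is left to the container default"]
    if timeout_min <= 0:
        return ["session-timeout <= 0: server-side sessions never time out"]
    timeout_s = timeout_min * 60
    if timeout_s > max_age_s:
        # The browser forgets the cookie, yet the session id stays valid on the server.
        return [f"server session ({timeout_s}s idle) outlives the cookie ({max_age_s}s)"]
    if timeout_s < max_age_s:
        return [f"cookie ({max_age_s}s) outlives the server session ({timeout_s}s idle)"]
    return []


if __name__ == "__main__":
    for label, xml in (("page", PAGE_CONFIG), ("swapped", SWAPPED_UNITS)):
        print(label, audit_session_config(xml))
```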