Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JSESSIONID Cookie with Expiration Date in Tomcat

Tags:

cookies

servlets

session

tomcat

jsessionid

What's the best way to set an expiration date for the JSESSIONID cookie sent by Tomcat for a servlet session?

By default, the expiration date of the cookie seems to be 'session', which means that the session disappears in the client as soon as the browser restarts. But I would like to keep it open for 12h, even after a browser restart (and would then configure the session timeout in the server accordingly).

Is there any way to set an expiration date within Tomcat, e.g. using some configuration option or extension module? Or is there a reliable way to set an expiration date for JSESSIONID using a Servlet filter?

like image 671
Tim Jansen Avatar asked Feb 08 '11 12:02

Tim Jansen

People also ask

How long is a Jsessionid valid?

Sessions expire automatically after a predetermined length of inactivity, which can be configured in Salesforce by clicking Your Name | Setup | Security Controls. The default is 120 minutes (two hours).

How do I expire a session cookie?

Session cookies expire once you log off or close the browser. They are only stored temporarily and are destroyed after leaving the page. They are also known as transient cookies, non-persistent cookies, or temporary cookies.

Is Jsessionid session cookie?

Description. JSESSIONID is a cookie in J2EE web application which is used in session tracking. Since HTTP is a stateless protocol, we need to use any session to remember state. JSESSIONID cookie is created by web container and send along with response to client.

What happen if cookie expires max age is session?

Using cookies to do stuff Cookies without an Expires or Max-Age attribute are treated as session cookies, which means they are removed once the browser is closed. Setting a value on either Expires or Max-Age makes them permanent cookies, since they will exist until they hit their expiry date.

1 Answers

As of Servlet 3.0, this can simply be specified in the web.xml:

<session-config>
    <session-timeout>720</session-timeout> <!-- 720 minutes = 12 hours -->
    <cookie-config>
        <max-age>43200</max-age> <!-- 43200 seconds = 12 hours -->
    </cookie-config>
</session-config>

Note that session-timeout is measured in minutes but max-age is measured in seconds.

like image 107
Sander Avatar answered Oct 19 '22 21:10

Sander
Sign in to Comment

Related questions

Best way for allowing subdomain session cookies using Tomcat
How to Detect Browser Window /Tab Close Event?
How easily can you guess a GUID that might be generated?
session_start() takes VERY LONG TIME
ExpressJS session expiring despite activity
How to keep session alive without reloading page?
C# keep session id over httpwebrequest
The script tried to execute a method or access a property of an incomplete object
What is the difference between cookie and cookiejar?
PHP session handling errors
How to create "remember me checkbox" using Codeigniter session library?
Laravel session data not sticking across page loads
Codeigniter cannot load libraries
accessing constants in JSP (without scriptlet) [duplicate]
What is the difference between StatelessSession and Session in NHibernate?
Is it possible to "transfer" a session between selenium.webdriver and requests.session
Significant differences between Cookies and JWT for native mobile apps
asp.net session variables on Session_End
Can you have multiple transactions within one Hibernate Session?
Creating master-detail pages for entities, how to link them and which bean scope to choose

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!