I am new to spring security and using it for authentication. I am facing a issue that when the browser is closed or in case of any unusual failure the session expires but I am unable catch the event so as to get the clean up code executed.
I explore about it and found HttpSessionEventPublisher
in Spring to capture HttpSessionDestroyedEvent
in sessionDestroyed()
method but that is not called when I close the browser.
Request to suggest solution for the same.
getAuthentication(); If you want to be notified when session has expired or person logged out you can always register listener on SessionDestroyedEvent - documentation. Its also worth to refer to spring docs for that subject.
Spring Security Session Timeout In the case of Tomcat we can set the session timeout by configuring the maxInactiveInterval attribute on the manager element in server. xml or using the session-timeout element in web. xml. Note that the first option will affect every app that's deployed to the Tomcat instance.
Enum SessionCreationPolicySpecifies the various session creation policies for Spring Security.
Maybe SessionManagementFilter could help?
Or you can configure Spring Security to automatically redirect user if timeout occured: Detecting timeouts section.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With