Is there any way of specifying session timeout in Spring? I cannot specify it in web.xml, as I am using a session scope bean in the controller as follows.
I have configured the controller through Spring XML files.
class xyzController {
    ABCSessionScopeClass objectWhichWillBeStoredInSession;
}
I cannot use this either:
session.setMaxInactiveInterval(60*60);
Is there any other way of doing this? I don't mind setting the timeout per session or for all sessions at the same time.
Spring Security Session Timeout
In the case of Tomcat we can set the session timeout by configuring the maxInactiveInterval attribute on the manager element in server.xml or using the session-timeout element in web.xml.
If we don't specify the duration unit, Spring will assume it's seconds. In a nutshell, with this configuration, the session will expire after 15 minutes of inactivity. The session is considered invalid after this period of time.
Default is 600 seconds.
Solution using pure Spring MVC, servlet context.xml
<mvc:interceptors>
    <bean class="com.xxx.SessionHandler" />
</mvc:interceptors>
Handler Adapter
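import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Component
public class SessionHandler extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Runs before every handled request; the interval is in seconds (60*60 = one hour).
        request.getSession().setMaxInactiveInterval(60*60);
        return true;
    }
}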
Assuming you are using Spring Security,
for each successful login I think the best way is to create a LoginSuccessHandler
and specify authentication-success-handler for normal login as well as remember-me.
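import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Service;

@Service
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        // Set the idle timeout (in seconds) only once the user has authenticated.
        request.getSession().setMaxInactiveInterval(60*60);
        super.onAuthenticationSuccess(request, response, authentication);
    }
}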
<http auto-config="true" use-expressions="true">
    <form-login login-page="/login"
        authentication-failure-url="/login.hst?error=true"
        authentication-success-handler-ref="loginSuccessHandler" />
    <logout invalidate-session="true" logout-success-url="/home" logout-url="/logout" />
    <remember-me key="jbcp" authentication-success-handler-ref="loginSuccessHandler"/>
    <session-management>
        <concurrency-control max-sessions="1" />
    </session-management>
</http>
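Both answers above call setMaxInactiveInterval, which takes seconds, and the Servlet API treats a zero or negative interval as "never time out". For the "all sessions at the same time" case in the question, the following added example (not from either answer) sets the timeout once when each session is created and rejects values that would disable expiry. The class name, the 60-minute value and the 8-hour ceiling are assumptions, and it uses the javax.servlet namespace to match the code above.

```java
import java.time.Duration;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example: applies one idle timeout to every session when it is created,
 * so no interceptor has to reset it on each request.
 */
@WebListener // Servlet 3.0+ annotation scanning; assumes metadata-complete is not set to true
public class SessionTimeoutListener implements HttpSessionListener {

    // Assumed policy values, for illustration only.
    static final Duration IDLE_TIMEOUT = Duration.ofMinutes(60);
    static final Duration MAX_ALLOWED = Duration.ofHours(8);

    /**
     * Converts a Duration to the int seconds expected by setMaxInactiveInterval
     * and refuses values that would weaken or disable session expiry.
     */
    static int toIntervalSeconds(Duration timeout) {
        // Zero or negative tells the container the session should never time out.
        if (timeout.isZero() || timeout.isNegative()) {
            throw new IllegalArgumentException("Session timeout must be positive: " + timeout);
        }
        // Guard against a minutes/seconds mix-up producing a very long-lived session.
        if (timeout.compareTo(MAX_ALLOWED) > 0) {
            throw new IllegalArgumentException("Session timeout exceeds " + MAX_ALLOWED + ": " + timeout);
        }
        return Math.toIntExact(timeout.getSeconds());
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        // Applies to anonymous and authenticated sessions alike.
        session.setMaxInactiveInterval(toIntervalSeconds(IDLE_TIMEOUT));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Nothing to clean up in this example.
    }
}
```

The session-timeout element in web.xml is expressed in minutes, while setMaxInactiveInterval is in seconds, which is why the conversion is kept in one place.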