Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Boot session timeout

Tags:

spring-boot

server.session-timeout seems to be working only for embedded tomcat.

I put a log statement to check the session max interval time. After deploying the war file manually to tomcat, I realized that default session timeout value (30 min) was being used still.

How can I set session timeout value with spring-boot (not for embedded tomcat, but for a stand-alone application server)?

like image 878
led Avatar asked Jan 23 '15 05:01

led

People also ask

How do I set a session timeout in spring?

Spring Security Session Timeout In the case of Tomcat we can set the session timeout by configuring the maxInactiveInterval attribute on the manager element in server. xml or using the session-timeout element in web. xml. Note that the first option will affect every app that's deployed to the Tomcat instance.

1 Answers

[Just in case someone finds this useful]

If you're using Spring Security you can extend the SimpleUrlAuthenticationSuccessHandler class and set the session timeout in the authentication success handler:

public class NoRedirectSavedRequestAwareAuthenticationSuccessHandler
       extends SimpleUrlAuthenticationSuccessHandler {

    public final Integer SESSION_TIMEOUT_IN_SECONDS = 60 * 30;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication)
                                        throws ServletException, IOException {

        request.getSession().setMaxInactiveInterval(SESSION_TIMEOUT_IN_SECONDS);

        // ...
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin()
            .loginProcessingUrl("/login")
            .successHandler(new NoRedirectSavedRequestAwareAuthenticationSuccessHandler())
            .failureHandler(new SimpleUrlAuthenticationFailureHandler())
            .and().httpBasic();
    }

}
like image 55
justin Avatar answered Sep 28 '22 05:09

justin
Sign in to Comment

Related questions

Spring-Boot Logging configuration when deployed as .war
Return custom object from Spring Data with Native Query
SpringFox Swagger - Optional and Mandatory fields in model
Casting from HttpServletRequest to WebRequest
How to configure Jackson in spring boot application without overriding springs default setting in pure java
Certificate for <localhost> doesn't match any of the subject alternative names
springboot : how to return error status code in prehandle of HandlerInterceptor
Register a CustomConverter in a MongoTemplate with Spring Boot
How to monitor folder/directory in spring?
What is the difference between @ExtendWith(SpringExtension.class) and @ExtendWith(MockitoExtension.class)?
Spring Boot Hibernate Syntax Error in SQL Statement
org.springframework.web.client.HttpClientErrorException: 400 Bad Request
Problems adding multiple KafkaListenerContainerFactories
Disable scanManifest of Jar Scan in tomcat embed in spring boot
Spring Keycloak: Get User ID
Create war file from Spring:boot project in Eclipse
spring.datasource.initialize is deprecated
Upgraded spring boot from 2.1.9 to 2.2.0 , now getting exception while starting
Accessing a Spring OAuth 2 JWT payload inside the Resource Server controller?
Make JSON payload fields case insensitive when mapping to Java Object in REST API developed using SpringBoot

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!