Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Timeout set in the web.xml is not working in java [duplicate]

I am trying to set my application timeout on Tomcat 7 app server.First I am testing with my timeout as one minute in web.xml as

 <session-config>
       <session-timeout>1</session-timeout>
  </session-config> 

and I am using HttpSessionListener to make sure my Timeout is working fine.I declared my sessionListener Class in web.xml .

public class HttpSessionChecker implements HttpSessionListener {

    public void sessionCreated(HttpSessionEvent event) {
        System.out.printf("Session ID %s created at %s%n", event.getSession().getId(), new Date());
    }
    public void sessionDestroyed(HttpSessionEvent event) {
        System.out.printf("Session ID %s destroyed at %s%n", event.getSession().getId(), new Date());
    }
}

and In web.xml

<listener>
    <listener-class>com.test.util.HttpSessionChecker</listener-class>
</listener>

But when start my server and launch my application I see session is initiated on the Login page only .

Session ID 934073ED5E9933158995EE5EB680D3F7 created at Wed Nov 07 09:39:13 PST 2012

and when I stay Idle for more than a minute or some times more than five minutes cause Tomcat don't fire Timeout immediately in my application and click on something in my application Session is not Expired.Still I am able to navigate another page.But When I am stay Idle on the login page or logged-out I see the session is destroyed. But when once Login is done and when I am inside the application session timeout is not happening. I see

Session ID 934073ED5E9933158995EE5EB680D3F7 destroyed at Wed Nov 07 09:42:13 PST 2012

What am I doing wrong? And even after I mentioned <session-timeout> in web.xml do I need code session.invalidatesomewhere in Code? How Can I redirect to login.xhtml in session destroyed in JSF?

like image 851
SRy Avatar asked Nov 07 '12 18:11

SRy


1 Answers

Your doing nothing wrong. A background thread will check every x minutes for,when the sessions expire. This is container specific. Ie it is not guaranteed to be expired after the time you specify. I know in tomcat you can easily modify this check interval in the server.xml file.

like image 192
Marcus Blackhall Avatar answered Sep 17 '22 23:09

Marcus Blackhall