Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
Ask Question
According to the documentation of Spring Boot, session timeout can be configured by setting
server.servlet.session.timeout= 300s
in application.properties file. In this post and in Spring Boot documentation it is also said so. But unfortunately this is not working for me.
Is there any other configuration to get expected result?
–
–
–
–
I am posting answer because this scenario is new for me. And I haven't got proper solution step by step.
According to the suggestion of M. Deinum I created a web.xml file under WEB-INF folder. Project structure is like
|_ main
|_ java
|_ resources
|_ webapp
|_ WEB-INF
|_ web.xml
And in web.xml I configured <session-timeout>...</session-timeout>
My web.xml is like
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<session-config>
<session-timeout>5</session-timeout>
</session-config>
</web-app>
And now session time of my webapp in server is working according to my configuration. Thanks goes to M. Deinum
A possible cause for this problem might be using @EnableRedisHttpSession. As explained in this answer:
By using @EnableRedisHttpSession you are telling Spring Boot that you want to take complete control over the configuration of Redis-based HTTP sessions. As a result, its auto-configuration backs off and server.servlet.session.timeout has no effect. If you want to use server.servlet.session.timeout then you should remove @EnableRedisHttpSession. Alternatively, if you want to use @EnableRedisHttpSession then you should use the maxInactiveIntervalInSeconds attribute to configure the session timeout.
Hope this helps someone.
server.servlet.session.timeout only works for spring boot embedded container.
If you want to deploy the application to an external container, implement HttpSessionListener and ServletRequestListener.
@Component
public class MyHttpSessionListener implements HttpSessionListener {
@Value("${server.servlet.session.timeout}")
Duration sessionTimout;
@Override
public void sessionCreated(HttpSessionEvent event) {
event.getSession().setMaxInactiveInterval((int) sessionTimout.getSeconds());
@Component
public class MyServletRequestListener implements ServletRequestListener {
@Value("${server.servlet.session.timeout}")
Duration sessionTimout;
@Override
public void requestInitialized(ServletRequestEvent sre) {
HttpSession sh = ((HttpServletRequest) sre.getServletRequest()).getSession(false);
if (sh != null) {
long t = sh.getCreationTime();
long duration = (System.currentTimeMillis() - t) / 1000;
if (duration > sessionTimout.getSeconds()) {
sh.invalidate();
Follow the below solution.
Set the session time out in application.properties file like below.
server.servlet.session.timeout=01m
Specify the invalid session URL in WebSecurityConfiguration file like below
http.sessionManagement().invalidSessionUrl("/sessionexpired");
Configure the session expired mapping in controller class like below
@RequestMapping(value = "/sessionexpired", method = RequestMethod.GET)
public ModelAndView sessionexpired(HttpServletRequest request,
HttpServletResponse response) {
return new ModelAndView("sessionexpired");
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
