setting session timeout in Spring MVC
Solution 1
I was not able to find any way to specify the session timeout value through any Spring configuration files. I was using an <aop:scoped-proxy> bean so that I don't have to manage reading/writing values/objects to the session. Now, I also want the same for setting the session timeout value, without using the Servlet API. But it looks like there is no way to specify it other than the web.xml file. So I ended up using the Servlet API request.getSession() to set the timeout period. I externalized the time value so that I can easily change it without recompiling the code. If anyone finds a better approach, please feel free to post it. If it is better, I can accept that as an answer.
Solution 2
Solution using pure Spring MVC, servlet context.xml
    <mvc:interceptors>
        <bean class="com.xxx.SessionHandler" />
    </mvc:interceptors>
Handler Adapter
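    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.stereotype.Component;
    import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

    @Component
    public class SessionHandler extends HandlerInterceptorAdapter {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            // Idle timeout in seconds (60 minutes), applied on every request
            request.getSession().setMaxInactiveInterval(60 * 60);
            return true;
        }
    }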
Assuming you are using Spring Security, for each successful login I think the best way is to create a LoginSuccessHandler and specify authentication-success-handler for normal login as well as remember-me.
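    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
    import org.springframework.stereotype.Service;

    @Service
    public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(
                HttpServletRequest request,
                HttpServletResponse response,
                Authentication authentication) throws ServletException, IOException {
            // Idle timeout in seconds (60 minutes), set once per successful login
            request.getSession().setMaxInactiveInterval(60 * 60);
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }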
    <http auto-config="true" use-expressions="true">
        <form-login login-page="/login"
                    authentication-failure-url="/login.hst?error=true"
                    authentication-success-handler-ref="loginSuccessHandler" />
        <logout invalidate-session="true" logout-success-url="/home" logout-url="/logout" />
        <remember-me key="jbcp" authentication-success-handler-ref="loginSuccessHandler" />
        <session-management>
            <concurrency-control max-sessions="1" />
        </session-management>
    </http>
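An added example (not part of either answer and not Spring's own code) that generalizes Solution 2's interceptor for plain Spring MVC without Spring Security: it does not create a session for requests that have none, takes the timeout from injectable properties as Solution 1 describes, and also caps total session age. The class name, the setter names and the 8-hour cap are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

// Added example, not the answerer's code. The class name, the setters and the
// absolute-lifetime check are assumptions introduced for illustration.
public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {

    private int idleTimeoutSeconds = 60 * 60;               // value used in the answer
    private long maxLifetimeMillis = 8L * 60 * 60 * 1000;   // constructed sample: 8 hours

    // Setters let both values be injected as <property> elements in the Spring XML.
    public void setIdleTimeoutSeconds(int seconds) { this.idleTimeoutSeconds = seconds; }
    public void setMaxLifetimeSeconds(long seconds) { this.maxLifetimeMillis = seconds * 1000L; }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false) never creates a session, so requests that carry no
        // session (health checks, crawlers) allocate no server-side state.
        HttpSession session = request.getSession(false);
        if (session != null) {
            try {
                long age = System.currentTimeMillis() - session.getCreationTime();
                if (age > maxLifetimeMillis) {
                    // The idle timer restarts on every request, so also cap total age.
                    session.invalidate();
                }
            } catch (IllegalStateException alreadyInvalidated) {
                // A concurrent request invalidated the session first; nothing to do.
            }
        }
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) throws Exception {
        // Runs after the handler, so a session the controller created during this
        // request (for example through a session-scoped bean) is covered as well.
        HttpSession session = request.getSession(false);
        if (session != null && session.getMaxInactiveInterval() != idleTimeoutSeconds) {
            session.setMaxInactiveInterval(idleTimeoutSeconds);
        }
    }
}
```

Register it inside <mvc:interceptors> in place of com.xxx.SessionHandler, setting idleTimeoutSeconds and maxLifetimeSeconds as bean properties.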
JProgrammer
Updated on July 05, 2022
Comments
-
JProgrammer almost 2 years
Is there any way of specifying the session timeout in Spring? I cannot specify it in web.xml, as I am using a session-scoped bean in the controller as follows.
I have configured the controller through Spring XML files.
    class xyzController {
        ABCSessionScopeClass objectWhichWillBeStoredInSession;
    }
I cannot use this either:
    session.setMaxInactiveInterval(60*60);
Is there any other way of doing this? I don't mind setting the timeout per session or for all sessions at the same time.
-
JProgrammer over 11 years
I am not using Spring Security.
-
Jigar Parekh over 11 years
If you are not using Spring Security then you can also use <mvc:interceptors> and HandlerInterceptorAdapter with Spring MVC.
-
Ivan Nikitin over 8 years
You can specify session timeout using web.xml as described here: stackoverflow.com/questions/12932589/…
-
Ivan Nikitin over 8 years
If you're using Spring Boot, you can specify session timeout in application.properties: server.session-timeout=86400