The session timeout in a web application can be configurable in two ways

1) Timeout in the deployment descriptor (web.xml)

– Specified the timeout value in “minute” , enclose with “session-config” element.

<web-app ...>
	<session-config>
		<session-timeout>20</session-timeout>
	</session-config>
</web-app>

The above setting is apply for the entire web application, and session will be kill by container if client doesn’t make any request after 20 minutes.

2) Timeout with setMaxInactiveInterval()

– You can manually specified the timeout value in “second” for a particular session.

HttpSession session = request.getSession();
session.setMaxInactiveInterval(20*60);

The above setting is only apply on session which call the “setMaxInactiveInterval()” method, and session will be kill by container if client doesn’t make any request after 20 minutes.

Thoughts….

This is a bit confusing , the value in deployment descriptor (web.xml) is in “minute”, but the setMaxInactiveInterval() method is accept the value in “second”. Both functions should synchronize it in future release :)

Tags :
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider make a donation to these charities.
My website mkyong.com is hosted by Liquid Web, I really like their fast and helpful support, it saved me a lot of time. Furthermore, their servers are extremely reliable, fast and stable, I don't remember when was the last time my server is down. Btw, they're offering $100 Coupon now, if you are sourcing for great hosting provider, go grab it.

Related Posts

Popular Posts