How to configure the session timeout in servlet

The session timeout in a web application can be configurable in two ways

1) Timeout in the deployment descriptor (web.xml)

– Specified the timeout value in “minute” , enclose with “session-config” element.


<web-app ...>
	<session-config>
		<session-timeout>20</session-timeout>
	</session-config>
</web-app>

The above setting is apply for the entire web application, and session will be kill by container if client doesn’t make any request after 20 minutes.

2) Timeout with setMaxInactiveInterval()

– You can manually specified the timeout value in “second” for a particular session.


HttpSession session = request.getSession();
session.setMaxInactiveInterval(20*60);

The above setting is only apply on session which call the “setMaxInactiveInterval()” method, and session will be kill by container if client doesn’t make any request after 20 minutes.

Thoughts….

This is a bit confusing , the value in deployment descriptor (web.xml) is in “minute”, but the setMaxInactiveInterval() method is accept the value in “second”. Both functions should synchronize it in future release :)

About the Author

author image
mkyong
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider make a donation to these charities.

Comments

Leave a Reply

avatar
newest oldest most voted
Raj Kumar
Guest
Raj Kumar

Hi, My Scenario is after session timeout through web.xml or calling method session.setMaxInactiveInterval(30); I want the user to be redirect to login page. Please suggest some example for the mentioned scenario.

Thanks in Advance

frm
Guest
frm

thanks

Shrutika Dayma
Guest
Shrutika Dayma

I want to logout when session-timeout is called. can you suggest how it can be done

Vaibhav Kaushal
Guest
Vaibhav Kaushal

Hi,
This is working correctly on local but not on production.
Please help me in this.
Thanks in Advance

swapna chekka
Guest
swapna chekka

i have given

480 in web.xml and session timeout interval in application as 1 hour.

Sometimes my application is saying that could not find hibernate connection. what could be the issue.

swapna chekka
Guest
swapna chekka

I have one question. If session timeout property is not set , what will be the default session timeout value/time in hibernate

Chua Eng Ghee
Guest
Chua Eng Ghee

how to check if the session had expired

thangaraj
Guest
thangaraj

we can assign the session if manually…..?can any one say how to assign the session id manually…???

Bere
Guest
Bere

Is there a way to set the session timeout to be a “hard” timeout. meaning it will time out even if there is activity? My rest client does a query every few seconds which means the session will never time out in the current state. I want it to timeout after 3 hours

Suja Arjunan
Guest
Suja Arjunan

Hi, After 15 min I am calling controller through ajax’s call and reseting the session time using function. This “setMaxInactiveInterval” function,its working fine for nearly 10 ajaxs call. After that I am getting null session. what I am doing wrong here.

Thanks in Advance
Suja Arjunan

Lamen
Guest
Lamen

There must be a default value if you don’t set the session timeout value explicitly.

vijay
Guest
vijay

hi , it has not worked for me. do we need to restart web application server to reflect the changed?
thanks,

kaka
Guest
kaka

Thanks, it’s work

vineet kaushik
Guest
vineet kaushik

Hi,
as You have mentioned in first point that session will be killed by container if client doesn’t make any request after 20 minutes.

what if you made a request 20 mins ago but response did not come back in those 20 minutes for that request. so it should timeOut? and mind, we did not make any other request in those 20 mins.

Thanks,
Vineet

Rudresh
Guest
Rudresh

Hi my JSF web application application is integrated with JAAS Form Based authentication, in this if i mentioned session time out as below in web.xml of my application this will not timeout the session.

20

Abhijat
Guest
Abhijat

Another one where i have some to your website :)

thanks as always

Jonathan Carrillo
Guest
Jonathan Carrillo

How to screen print the time session remaining?

ajay
Guest
ajay

@Jonathan–session.getMaxInactiveInterval() .