Session TimeOut in web.xml

Asked 13/3, 2013 at 10:36 Answered 24/3, 2017 at 4:22

I am trying to understand the real purpose of session configuration in Web.xml for session timeout.

<!-- Session Configuration -->
<session-config>
        <session-timeout>60</session-timeout>
</session-config>

Now let me tell you about my question.

My application is importing/uploading a .txt file, which is bound to take more than 1 hour, since there are millions of records to be imported. But the session times out after 1 hour though my application is still importing that .txt file which is in progress. Such an application should not timeout as the application is doing some task in the background.

Peel answered 13/3, 2013 at 10:36 Comment(6)

Increase your number inside of your session-timeout tag.If you have any question ping me. Tanks – Anodic 13/3, 2013 at 10:41

If any process is going on, I think session will not expire. Session expires if application is idle for that period of time. Your's is not idle if some background process is going on. – Reggiereggis 13/3, 2013 at 10:49

I am not sure how your application import works. if the application is waiting for an I/O to complete, then definitely it is idle and will get time out – Dusky 13/3, 2013 at 10:54

Have you set up a javascript timer on the client side to request a logout page after 60 minutes? If so, you will need to disable it before starting the upload. – Hrvatska 12/6, 2013 at 18:37

Just a simple timer that will poll the website every 10 mins, a servlet that does nothing but return a heartbeat value of true/false. Then once your document finishes upload remove the timer. – Buyer 21/11, 2014 at 15:50

I'm just wondering that no one mentioned in the answers that this is probably a design flaw issue. If you are doing such a long processing there is quite likely no reason to couple it to the user session. Upload the file to the server and then just process it asynchronously. – Berlyn 6/7, 2015 at 13:27

To set a session-timeout that never expires is not desirable because you would be reliable on the user to push the logout-button every time he's finished to prevent your server of too much load (depending on the amount of users and the hardware). Additionaly there are some security issues you might run into you would rather avoid.

The reason why the session gets invalidated while the server is still working on a task is because there is no communication between client-side (users browser) and server-side through e.g. a http-request. Therefore the server can't know about the users state, thinks he's idling and invalidates the session after the time set in your web.xml.

To get around this you have several possibilities:

You could ping your backend while the task is running to touch the session and prevent it from being expired
increase the <session-timeout> inside the server but I wouldn't recommend this
run your task in a dedicated thread which touches (extends) the session while working or notifies the user when the thread has finished

There was a similar question asked, maybe you can adapt parts of this solution in your project. Have a look at this.

Hope this helps, have Fun!

Grownup answered 13/3, 2013 at 11:16 Comment(1)

Note that user login and sessions are two independent things. There is no "logout" for servlets in general. The server would need a "logout" page that explicitly calls the invalidate() method of HttpSession. – Megohm 21/11, 2013 at 17:14

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

You can use "-1" where the session never expires. Since you do not know how much time it will take for the thread to complete.

Brumfield answered 13/3, 2013 at 10:44 Comment(6)

@PeakGen: Please be so nice and don't just object. So it does expire? After what time does it do that? – Daune 3/8, 2016 at 9:12

@zb226: Before commenting, please make sure to check the thread date :) – Goles 3/8, 2016 at 9:53

@PeakGen: I don't think the thread date is relevant. Additional information would be relevant. – Daune 18/8, 2016 at 15:59

@zb226: Thread date is relevant as I can't even remember what this question is. Anyway I seriously have no time to argue on 3 years old record, If you want to consider this user's answer as the correct one then no issue, it is totally up to you. – Goles 18/8, 2016 at 16:16

I very much agree with @Daune that the comment "Wrong. Session does expire" does not provide sufficient information. When does the session expire? What you base this observation on? Despite the answers are some years old, people refer to these answers also now! – Perihelion 6/9, 2016 at 8:44

If session never expires, would they ever release the threads? Do the thread get GCed? Would the growing thread eat up the memory? – Phonologist 8/8, 2019 at 17:48

Send AJAX Http Requests to the server periodically (say once for every 60 seconds) through javascript to maintain session with the server until the file upload gets completed.

Experimentalism answered 13/3, 2013 at 11:55 Comment(0)

Hacky way:

You could increase the session timeout programmatically when a large up-/download is expected.

session.setMaxInactiveInterval(TWO_HOURS_IN_SECONDS)

When the process ends, you could set the timeout back to its default.

But.. when you are on Java EE, and the up-/download doesn't take a complete hour, the better way was to run the tasks asynchronous (via JMS e.g.).

Perceptible answered 15/3, 2013 at 17:39 Comment(0)

You can see many options as answer for your question, however you can use "-1" where the session never expires. Since you do not know how much time it will take for the thread to complete. E.g.:

   <session-config>
        <session-timeout>-1</session-timeout>
    </session-config>

Or if you don't want a timeout happening for some purpose:

<session-config>
    <session-timeout>0</session-timeout>
</session-config>

Another option could be increase the number to 1000, etc, etc, bla, bla, bla.

But if you really want to stop and you consider that is unnecessary for your application to force the user to logout, just add a logout button and the user will decide when to leave.

Here is what you can do to solve the problem if you do not need to force to logout, and in you are loading files that could take time base on server and your computer speed and the size of the file.

<!-- sets the default session timeout to 60 minutes. -->
   <!-- <session-config>
     <session-timeout>60</session-timeout>
   </session-config> -->

Just comment it or deleted that's it! Tan tararantan, tan tan!

Theocrasy answered 7/10, 2014 at 19:24 Comment(1)

is there any difference between 0 and -1 ? – Beeves 10/2, 2016 at 19:57

<session-config>
        <session-timeout>-1</session-timeout>
</session-config>

In the above code "60" stands for the minutes. The session will expired after 60 minutes. So if you want to more time. For Example -1 that is described your session never expires.

Anodic answered 13/3, 2013 at 10:40 Comment(1)

The question is even though the session is active(doing something) why its expiring after 60 min ?? – Aquarelle 13/3, 2013 at 10:46

The docs says:

The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes. If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. If this element is not specified, the container must set its default timeout period.

Fenestra answered 27/10, 2015 at 19:3 Comment(0)

you can declare time in two ways for this problem..

1) either give too long time that your file reading is complete in between that time.

<session-config>
    <session-timeout> 1000 </session-timeout>
</session-config>

2)declare time which is never expires your session.

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

Isla answered 4/2, 2014 at 6:10 Comment(0)

Another option I would recommend is to create a separate application that is stateless that would take the large file. On your main app open a new window or iframe that will accept the file and send it through that window then hide the window or iframe once the upload has started using Javascript.

Richards answered 16/4, 2015 at 17:32 Comment(0)

If you don't want a timeout happening for some purpose:

<session-config>
    <session-timeout>0</session-timeout>
</session-config>

Should result in no timeout at all -> infinite

Reggiereggis answered 13/3, 2013 at 10:45 Comment(1)

The question is even though the session is active(doing something) why its expiring after 60 min ?? – Aquarelle 13/3, 2013 at 10:48

You should consider splitting the large file to chunks and rely on multi threading capabilities to process more than one file at a time OR let the whole process run as a background task using TimerTask and write another query to know the status of it form the browser including a progress bar can be shown if you can know the process time of a file or record.

Featherbedding answered 24/3, 2017 at 4:22 Comment(0)

-2

Usually the session will not expire when request processing is happening. I think there is an LB or something in between which reads the entire file and then invokes the web container.

This might be causing a delay which is leading to expiry of the session.

Justinjustina answered 13/3, 2013 at 17:55 Comment(1)

The session can expire when a request is processing. For e.g. if the session-timeout is set as 15 minutes and it receives a request that takes like 20 minutes and the server hasn't received any request in this time, the session times out. – Eggers 14/10, 2015 at 19:45

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags