Setting session timeout period with Spring Security 3.0

About

Asked 22/3, 2011 at 0:0 Answered 3/1, 2018 at 11:54

Solved java spring-security session-timeout

I am using Spring Security 3.0 to authenticate with an LDAP server and I cannot figure out to set my own session timeout period. I believe that the default is 30 minutes but I need to set it to longer than that

Reamonn answered 22/3, 2011 at 0:0 Comment(0)

116

You can either set the session timeout (say 60 minutes) for all sessions in web.xml:

<session-config>
  <session-timeout>60</session-timeout>
</session-config>

or on a per-session basis using

session.setMaxInactiveInterval(60*60);

the latter you might want to do in a authorizationSuccessHandler.

<form-login authentication-success-handler-ref="authenticationSuccessHandler"/>

Cristiano answered 22/3, 2011 at 1:36 Comment(6)

session-timeout, that was it! Thanks a lot – Reamonn 22/3, 2011 at 16:39

Thanks session.setMaxInactiveInterval(60*60*24); This code sets 24 hour session time. – Do 30/3, 2014 at 14:1

@Cristiano this implementation throwing msg stating "Full authentication is required to access this resource" can we change this message ? – Negress 22/4, 2016 at 10:24

server.session.timeout= # Session timeout in seconds - for Spring Boot – Dwaindwaine 6/7, 2016 at 15:53

session-config - should be added into web.xml file – Handcraft 10/4, 2017 at 11:1

What if I am using spring boot and dont have web.xml? – Rubeola 28/4, 2017 at 17:7

If you are using Spring Boot you can do so by adding the following to the application.properties file:

server.session.cookie.max-age=<your_value_in_seconds>

Demeanor answered 3/1, 2018 at 11:54 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags