I have a web application which uses HTTP session to trace the user state. I'm trying to debug an error for which I have to set the session-timeout to 2 minutes. I modified web.xml -> session-timeout to 2. By adding log statements to custom HTTP session listener I could see that the session is created and destroyed after 2 min when I don't log in to the application. After I login the session is destroyed for about 20 min after it has been created. I have also tried closing the browser to avoid any AJAX calls that extend the session life time but I still see the same behavior. It looks like something else in the application is extending the session life time, what could possibly the reason? Where to start looking for to fix this?
Asked
Active
Viewed 320 times
0
-
1Take a look at his answer and sources. http://stackoverflow.com/questions/3118968/sessiontimeout-web-xml-vs-session-maxinactiveinterval – But I'm Not A Wrapper Class Jul 01 '13 at 16:03
3 Answers
0
Verify that your login servlet, target jsp or any session listeners are not overriding the session time-out value set in web.xml programmatically. Search for setMaxInactiveInterval within your code base.
session.setMaxInactiveInterval(20*60); // seconds
Ravi K Thapliyal
- 51,095
- 9
- 76
- 89
0
First check in you code that you have set session time programatically which replace the xml value when you log in.
print getMaxInactiveInterval() end of the code. If it is not what you set in web.xml, that means it is changed somewhere else.
Check for setMaxInactiveInterval(int interval) in code.
The HttpSession lives until it has not been used for more than the time, a setting you can specify in web.xml, which defaults to 30 minutes. So when the client doesn't visit the webapp anymore for over 30 minutes, then the servletcontainer will trash the session. Every subsequent request, even though with the cookie specified, will not have access to the same session anymore. The servletcontainer will create a new one.
Check session api for more detail
M P Mathugama
- 1,418
- 1
- 20
- 31
0
If the 20 minute is not an exact estimate :
Are you retrieving the session anywhere by using request.getSession(); or request.getSession(true); ?
If yes, then that could be a reason.
And to avoid it request.getSession(false); could help you stop the extension of the session life time.
Your approximation of "about 20 minutes" could be related to the life-cycle of the request for business logic where the sessions opened to db, or some other processing.
As suggested in the other answers, the "setMaxInterval();" could be a reason for the odd "20 minute" phenomenon.
Gyan
- 1,176
- 1
- 12
- 26