Setting session timeout period with Spring Security 3.0

Question

I am using Spring Security 3.0 to authenticate with an LDAP server and I cannot figure out to set my own session timeout period. I believe that the default is 30 minutes but I need to set it to longer than that

score 116 · Accepted Answer · answered Mar 22 '11 at 01:36

116

You can either set the session timeout (say 60 minutes) for all sessions in web.xml:

<session-config>
  <session-timeout>60</session-timeout>
</session-config>

or on a per-session basis using

session.setMaxInactiveInterval(60*60);

the latter you might want to do in a authorizationSuccessHandler.

<form-login authentication-success-handler-ref="authenticationSuccessHandler"/>

answered Mar 22 '11 at 01:36

sourcedelica

23,940
7
66
74

2

session-timeout, that was it! Thanks a lot – Benoit Martin Mar 22 '11 at 16:39
Thanks session.setMaxInactiveInterval(60*60*24); This code sets 24 hour session time. – Yusuf K. Mar 30 '14 at 14:01
@sourcedelica this implementation throwing msg stating "Full authentication is required to access this resource" can we change this message ? – praveenpds Apr 22 '16 at 10:24
6

server.session.timeout= # Session timeout in seconds - for Spring Boot – Enginer Jul 06 '16 at 15:53
`session-config` - should be added into `web.xml` file – Andremoniy Apr 10 '17 at 11:01
What if I am using spring boot and dont have web.xml? – JayC Apr 28 '17 at 17:07

score 3 · Answer 2 · edited Jan 03 '18 at 13:15

3

If you are using Spring Boot you can do so by adding the following to the application.properties file:

server.session.cookie.max-age=<your_value_in_seconds>

edited Jan 03 '18 at 13:15

hd84335

8,815
5
34
45

answered Jan 03 '18 at 11:54

Mohammed Fathi

1,237
1
14
12

Setting session timeout period with Spring Security 3.0

2 Answers2

Linked