How to enable session and set session timeout in Spring Security

I was able to solve above issue by adding below config in web.xml only. any better way will be accepted.

 <session-config>
    <session-timeout>20</session-timeout>
</session-config>

If you are using JavaConfig and do not want to use XML you can create a HttpSessionListener and use getSession().setMaxInactiveInterval(), then in the Initializer add the listener in onStartup():

public class SessionListener implements HttpSessionListener {

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        System.out.println("session created");
        event.getSession().setMaxInactiveInterval(15);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
       System.out.println("session destroyed");
    }
}

Then in the Initializer:

@Override
public void onStartup(ServletContext servletContext) throws ServletException {
    super.onStartup(servletContext);
    servletContext.addListener(new SessionListener());
}

When using application.properties set property server.session.timeout= value is in seconds.

How to enable session and set session timeout in Spring Security

Tags:

Java

Session

Spring

Spring Mvc

Spring Security

Related

Recent Posts