Session TimeOut in web.xml

Vineet picture Vineet · Mar 13, 2013 · Viewed 270.7k times · Source

I am trying to understand the real purpose of session configuration in Web.xml for session timeout.

<!-- Session Configuration -->
<session-config>
        <session-timeout>60</session-timeout>
</session-config>

Now let me tell you about my question.

My application is importing/uploading a .txt file, which is bound to take more than 1 hour, since there are millions of records to be imported. But the session times out after 1 hour though my application is still importing that .txt file which is in progress. Such an application should not timeout as the application is doing some task in the background.

Answer

SimonSez picture SimonSez · Mar 13, 2013

To set a session-timeout that never expires is not desirable because you would be reliable on the user to push the logout-button every time he's finished to prevent your server of too much load (depending on the amount of users and the hardware). Additionaly there are some security issues you might run into you would rather avoid.

The reason why the session gets invalidated while the server is still working on a task is because there is no communication between client-side (users browser) and server-side through e.g. a http-request. Therefore the server can't know about the users state, thinks he's idling and invalidates the session after the time set in your web.xml.

To get around this you have several possibilities:

  • You could ping your backend while the task is running to touch the session and prevent it from being expired
  • increase the <session-timeout> inside the server but I wouldn't recommend this
  • run your task in a dedicated thread which touches (extends) the session while working or notifies the user when the thread has finished

There was a similar question asked, maybe you can adapt parts of this solution in your project. Have a look at this.

Hope this helps, have Fun!