How to set session timeout dynamically in Java web applications?

Question 1

How to set session timeout dynamically in Java web applications?

java session servlets jakarta-ee timeout

Jonathas Carrijo · Jun 2, 2010 · Viewed 137k times · Source

Answer

Answer

Instead of using a ServletContextListener, use a HttpSessionListener.

In the sessionCreated() method, you can set the session timeout programmatically:

public class MyHttpSessionListener implements HttpSessionListener {

  public void sessionCreated(HttpSessionEvent event){
      event.getSession().setMaxInactiveInterval(15 * 60); // in seconds
  }

  public void sessionDestroyed(HttpSessionEvent event) {}

}

And don't forget to define the listener in the deployment descriptor:

<webapp>
...      
  <listener>                                  
    <listener-class>com.example.MyHttpSessionListener</listener-class>
  </listener>
</webapp>

(or since Servlet version 3.0 you can use @WebListener annotation instead).

Still, I would recommend creating different web.xml files for each application and defining the session timeout there:

<webapp>
...
  <session-config>
    <session-timeout>15</session-timeout> <!-- in minutes -->
  </session-config>
</webapp>

Question 2

I need to give my user a web interface to change the session timeout interval. So, different installations of the web application would be able to have different timeouts for their sessions, but their web.xml cannot be different.

Is there a way to set the session timeout programatically, so that I could use, say, ServletContextListener.contextInitialized() to read the configured interval and set it upon application startup?

How to set session timeout dynamically in Java web applications?

Answer

Related questions