Setting session timeout period with Spring Security 3.0

java spring-security session-timeout
Benoit Martin picture Benoit Martin · Mar 22, 2011 · Viewed 67.4k times · Source

I am using Spring Security 3.0 to authenticate with an LDAP server and I cannot figure out to set my own session timeout period. I believe that the default is 30 minutes but I need to set it to longer than that

Answer

sourcedelica picture sourcedelica · Mar 22, 2011

You can either set the session timeout (say 60 minutes) for all sessions in web.xml:

<session-config>
  <session-timeout>60</session-timeout>
</session-config>

or on a per-session basis using 

session.setMaxInactiveInterval(60*60);

the latter you might want to do in a authorizationSuccessHandler.

<form-login authentication-success-handler-ref="authenticationSuccessHandler"/>

Related questions

Logout/Session timeout catching with spring security

I'm using spring/spring-security 3.1 and want to take some action whenever the user logs out (or if the session is timed out). I managed to get the action done for logout but for session timeout, I can't get it working. …

Read More
What is the best way to handle Invalid CSRF token found in the request when session times out in Spring security

I"m using Spring MVC/Security 3.X. The issue is that I'm getting 403 at the login page whenever the session timeout, where underneath "InvalidCsrfTokenException" is being thrown by Spring framework : threw exception [org.springframework.security.web.csrf.InvalidCsrfTokenException: Invalid CSRF …

Read More
How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More