Gatusko
Reputation: 2598
Spring security session time out
My configuration of session timeout doesn't work. It show me a message that I made when tu user is inactive for 1 minute. But whenever I refresh the page. The session Still persist.
<session-config>
<session-timeout>
15
</session-timeout>
</session-config>
Here is the session config of my web.xml and here is the spring security xml
<http auto-config="true" use-expressions="true" access-denied-page="/faces/forbidden.xhtml" entry-point-ref="casAuthEntryPoint">
<intercept-url pattern="/faces/parameters.xhtml" access="hasRole('TMS_ADMIN')" />
<intercept-url pattern="/faces/*" access="hasRole('TMS_USER')" />
<session-management invalid-session-url="adfasdf" >
<concurrency-control error-if-maximum-exceeded="true" max-sessions="1"/>
</session-management>
</html>
Any help?
Upvotes: 1
Views: 846
Answers (1)
Gatusko
Reputation: 2598
Well after days of looking how to do it. Reading the documetation and everything. I found my answer. In my jsf page i put this code
<meta http-equiv="refresh" content="${session.maxInactiveInterval}"/>
Then I modify my springsecurity.xml
<session-management invalid-session-url="/index.html" />
Upvotes: 1
Related Questions
- Spring-boot Spring-Security session timeout
- Spring Session & Spring Security - session timeout handling not working
- Spring Security Session Timeout - Java
- Login session timeout
- Spring Security session timeout is too short
- Spring: Session timeout with java based configurations
- Is there a Session Timeout Exception in Spring Security?
- Spring Security Requirements and questions
- Spring security session expiration
- spring security session timeout