Reputation: 19
how does session timeout configured in web.xml works
I have this piece of code configured in my web.xml file to validate a user session.
<session-config>
<session-timeout>30</session-timeout>
</session-config>
i want to understand its internal working as to how a particular user is validated and where, when a user makes a request after 30 mins.
Upvotes: 1
Views: 1987
Answers (1)
Reputation: 1807
A "session" is identified by the JSESSIONID identifier send with every request by the client (e.g. browser). This identifier is either send per cookie or by request parameter (query parameter). The web container maintains a map of all active sessions under their JSESSIONID identifier. If the configured timeout has passed by without any request for this JSESSIONID identifier, then the session is seen as "timed out". All data you have put into this session is lost (incl. eventual authentication information).
Upvotes: 2
Related Questions
- How to access Session Timeout Value in web.xml?
- How do I set session timeout in seconds in web.xml?
- Session TimeOut in web.xml
- Tomcat Session Timeout web.xml
- Setting session timeout without web.xml in java web application
- SessionTimeout: web.xml vs session.maxInactiveInterval()
- What is the default session timeout for a Java EE website?
- Session Timeout in web.xml not working for weblogic server
- Session timeout not happening
- Is there any way to set session timeout in seconds in web.xml by doing some tweaking?