Andrey Minogin
Reputation: 4615
Spring security session expiration
- What is the maximum time of user inactivity (session expiration time) when using spring security?
- When is session expiration date updated? Does it update when we call
SecurityContextHolder.getContext().getAuthentication()? I.e. what is "user activity" for spring security?
Thanks!
Upvotes: 1
Views: 6031
Answers (1)
axtavt
Reputation: 242786
Spring Security relies on session management support provided by servlet containers.
Session timeout can be configured in
web.xml:<session-config> <session-timeout>30</session-timeout> <!-- in minutes --> </session-config>otherwise container's default value is used. You can override timeout for particular session using
Session.setMaxInactiveInterval()(in seconds).- Session expiration date is updated when any request associated with that session comes in.
Upvotes: 10
Related Questions
- Session Timeout is not working Spring Boot?
- Spring Session & Spring Security - session timeout handling not working
- Spring Security Session Timeout - Java
- Setting session timeout period with Spring Security 3.0
- Login session timeout
- Spring security session time out
- Spring Security session timeout is too short
- Spring Security session-management setting and IllegalStateException
- handle session expired event in spring based web application
- spring security session timeout