Misak
Reputation: 125
Default session expiration timeout?
By default the JSESSIONID cookie is expired when you close the browser, but how long is the associated HttpSession really valid on the server side?
Upvotes: 9
Views: 15827
Answers (1)
BalusC
Reputation: 1109635
It defaults to 30 minutes on most containers which you can configure by <session-config> in your webapp's web.xml.
<session-config>
<session-timeout>10</session-timeout>
</session-config>
The above example will change the server side session timeout to 10 minutes. So in other words, when the client do not interact with the server for more than 10 minutes (even though the browser is kept open that long), then the session will expire on the server side. Any next request will create a new session.
See also:
Upvotes: 9
Related Questions
- Reset session timeout programmatically
- Session-timeout not working when used with cookie-config
- What is the default session timeout for a Java EE website?
- Default Session timeout value
- How do I set session timeout of greater than 30 minutes
- Can cookies expire before session expires?
- Session expiry implementation issues
- How can I set session timeout so that it never expires?
- Session-timeout configuration doesn't work?
- When will session be expired?