13

According to the documentation of Spring Boot, session timeout can be configured by setting 

server.servlet.session.timeout= 300s

in application.properties file. In this post and in Spring Boot documentation it is also said so. But unfortunately this is not working for me.

Is there any other configuration to get expected result?

informatik01
  • 15,636
  • 10
  • 72
  • 102
Avijit Barua
  • 2,760
  • 4
  • 13
  • 31
  • 8
    The `server.*` properties will only work if you use the embedded container. If you are deploying to Tomcat those won't work as Spring Boot isn't controlling the container. – M. Deinum Jan 15 '19 at 07:45
  • @M.Deinum, Can you give me any suggestion about, how can I set session timeout in my project which is currently running on server ? – Avijit Barua Jan 15 '19 at 07:48
  • 1
    By including a `web.xml` or `web-fragment.xml` and set the session timeout in that way just as you regularly would do. – M. Deinum Jan 15 '19 at 07:49
  • @M.Deinum, Can you please give me any reference ? – Avijit Barua Jan 15 '19 at 07:50
  • A reference to what? Just check how you would set the session timeout in a regular web application. That applies here as well. – M. Deinum Jan 15 '19 at 07:52
  • @M.Deinum, Where I will have to put `web.xml` in spring boot project ? In resource folder ? – Avijit Barua Jan 15 '19 at 07:54
  • No as stated in the normal location the `WEB-INF` folder. It is a regular WAR you are deploying, there is no magic in there. – M. Deinum Jan 15 '19 at 07:54

6 Answers6

8

You can use Approach 1:

server.servlet.session.timeout=30s
server.servlet.session.cookie.max-age=30s

It is working fine for me

M. Deinum
  • 104,041
  • 21
  • 200
  • 207
vivekdubey
  • 454
  • 2
  • 7
  • According spring recent doc `server.session.timeout` is deprecated now. You can check first link – Avijit Barua Jan 15 '19 at 06:48
  • ok If you are using spring boot version 2.0 you can use server.servlet.session.timeout. Just set small time and do not perform any activity for that much time and check,I think it should work – vivekdubey Jan 15 '19 at 06:55
  • Have you tried in any of your project ? Actually in my project `server.session.timeout` this line giving red alert :/ – Avijit Barua Jan 15 '19 at 07:14
  • 1
    Also setting it to something smaller then 1 minute won't work. The session reaping thread in tomcat runs every minute... So even setting it to something smaller won't reliably work. – M. Deinum Jan 15 '19 at 07:46
  • is any way to trigger a funtion during server.servlet.session.cookie.max-age=30s even is triggerd – Akshay Prabhu Jul 30 '20 at 12:29
  • What is the default value for timeout if not set? – KK2491 Sep 28 '21 at 07:21
7

A possible cause for this problem might be using @EnableRedisHttpSession. As explained in this answer:

By using @EnableRedisHttpSession you are telling Spring Boot that you want to take complete control over the configuration of Redis-based HTTP sessions. As a result, its auto-configuration backs off and server.servlet.session.timeout has no effect. If you want to use server.servlet.session.timeout then you should remove @EnableRedisHttpSession. Alternatively, if you want to use @EnableRedisHttpSession then you should use the maxInactiveIntervalInSeconds attribute to configure the session timeout.

Hope this helps someone.

Community
  • 1
  • 1
Nelly Mincheva
  • 350
  • 3
  • 7
5

I am posting answer because this scenario is new for me. And I haven't got proper solution step by step. According to the suggestion of M. Deinum I created a web.xml file under WEB-INF folder. Project structure is like 

src
 |_ main
     |_ java
     |_ resources
     |_ webapp
         |_ WEB-INF
              |_ web.xml

And in web.xml I configured <session-timeout>...</session-timeout>

My web.xml is like 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">


    <session-config>
        <session-timeout>5</session-timeout>
    </session-config>

</web-app>

And now session time of my webapp in server is working according to my configuration. Thanks goes to M. Deinum

Avijit Barua
  • 2,760
  • 4
  • 13
  • 31
3

Use HttpSessionListener.

server.servlet.session.timeout only works for embedded container.

@Configuration
public class MyHttpSessionListener implements HttpSessionListener {
    @Override
    public void sessionCreated(HttpSessionEvent event) {
        event.getSession().setMaxInactiveInterval(30);
    }
}
Ali
  • 381
  • 6
  • 11
-1

spring doc The latest version of SpringBoot is using the following properties.

server.servlet.session.timeout=30m
kim se jung
  • 1
-3

Maybe you added remember me. This will make the session always valid.

hellozjf
  • 153
  • 3
  • 16