HTTP Session Timeout: Difference between revisions
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
* https://community.jboss.org/wiki/HttpSessionTimeout | * https://community.jboss.org/wiki/HttpSessionTimeout | ||
* What is the session timeout hierarchy in JBoss EAP? https://access.redhat.com/solutions/31400 | |||
=Internal= | =Internal= | ||
| Line 11: | Line 12: | ||
Ideally, a session would be invalidated as soon as the user closed his browser, browsed to a different site, or stepped away from his desk. Unfortunately, there is no way for a server to detect any of these events. Consequently, sessions live throughout some period of inactivity after which the server assumes the user must have left and it's not worth holding session state for her anymore. | Ideally, a session would be invalidated as soon as the user closed his browser, browsed to a different site, or stepped away from his desk. Unfortunately, there is no way for a server to detect any of these events. Consequently, sessions live throughout some period of inactivity after which the server assumes the user must have left and it's not worth holding session state for her anymore. | ||
<blockquote style="background-color: Gold; border: solid thin Goldenrod;"> | |||
:<br>The timeout doesn't directly influence the ''total life time'' of a session. It only specifies the time interval ''between two subsequent requests'' after which the session should be considered invalid.<br><br> | |||
</blockquote> | |||
The default timeout (in ''minutes'') can be specified using <tt>web.xml</tt>: | The default timeout (in ''minutes'') can be specified using <tt>web.xml</tt>: | ||
| Line 22: | Line 27: | ||
</web-app> | </web-app> | ||
</pre> | </pre> | ||
=Setting the Session Timeout on Server= | =Setting the Session Timeout on Server= | ||
| Line 33: | Line 34: | ||
* JBoss 5.x: <tt>${JBOSS_HOME}/server/${JBOSS_PROFILE}/deployers/jbossweb.deployer/web.xml</tt> | * JBoss 5.x: <tt>${JBOSS_HOME}/server/${JBOSS_PROFILE}/deployers/jbossweb.deployer/web.xml</tt> | ||
* JBoss 4: <tt>${JBOSS_HOME}/server/${JBOSS_PROFILE}/deploy/jbossweb-tomcat-50.sar/web.xml</tt> | * JBoss 4: <tt>${JBOSS_HOME}/server/${JBOSS_PROFILE}/deploy/jbossweb-tomcat-50.sar/web.xml</tt> | ||
* EAP 6: | |||
/subsystem=web:write-attribute(name=default-session-timeout,value=15) | |||
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false" default-session-timeout="15"> | |||
Note that "jboss:domain:web:1.5" does not seem to specify this attribute, so it is not clear how to set it for that JBoss EAP version and earlier. | |||
=HTTP Session Timeout API= | =HTTP Session Timeout API= | ||
| Line 41: | Line 47: | ||
public void HttpSession.setMaxInactiveInterval(int secs) | public void HttpSession.setMaxInactiveInterval(int secs) | ||
</pre> | </pre> | ||
=Troubleshooting= | |||
{{Internal|JBoss HTTP Session Troubleshooting|JBoss HTTP Session Troubleshooting}} | |||
Latest revision as of 20:45, 7 February 2018
External
- https://community.jboss.org/wiki/HttpSessionTimeout
- What is the session timeout hierarchy in JBoss EAP? https://access.redhat.com/solutions/31400
Internal
Overview
Ideally, a session would be invalidated as soon as the user closed his browser, browsed to a different site, or stepped away from his desk. Unfortunately, there is no way for a server to detect any of these events. Consequently, sessions live throughout some period of inactivity after which the server assumes the user must have left and it's not worth holding session state for her anymore.
The timeout doesn't directly influence the total life time of a session. It only specifies the time interval between two subsequent requests after which the session should be considered invalid.
The default timeout (in minutes) can be specified using web.xml:
<web-app>
....
<session-config>
<session-timeout>60</session-timeout>
</session-config>
</web-app>
Setting the Session Timeout on Server
The server-wide place to set up the session timeout is:
- JBoss 5.x: ${JBOSS_HOME}/server/${JBOSS_PROFILE}/deployers/jbossweb.deployer/web.xml
- JBoss 4: ${JBOSS_HOME}/server/${JBOSS_PROFILE}/deploy/jbossweb-tomcat-50.sar/web.xml
- EAP 6:
/subsystem=web:write-attribute(name=default-session-timeout,value=15) <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false" default-session-timeout="15">
Note that "jboss:domain:web:1.5" does not seem to specify this attribute, so it is not clear how to set it for that JBoss EAP version and earlier.
HTTP Session Timeout API
Timeout can be also individually configured for a session using:
public void HttpSession.setMaxInactiveInterval(int secs)