HTTP Session Timeout: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 23: Line 23:
</pre>
</pre>


__Note:__ The timeout doesn't directly influence the ''total life time'' of a session. It only specifies the time interval ''between two subsequent requests'' after which the session should be considered invalid.  
<blockquote style="background-color: Gold; border: solid thin Goldenrod;">
:<br>The timeout doesn't directly influence the ''total life time'' of a session. It only specifies the time interval ''between two subsequent requests'' after which the session should be considered invalid.<br><br>
</blockquote>
 
=Setting the Session Timeout on Server=


The server-wide place to set up the session timeout is:
The server-wide place to set up the session timeout is:
* JBoss 5.x: {{${JBOSS_HOME}/server/${JBOSS_PROFILE}/deployers/jbossweb.deployer/web.xml}}
* JBoss 4: {{${JBOSS_HOME}/server/${JBOSS_PROFILE}/deploy/jbossweb-tomcat-50.sar/web.xml}}.


Timeout can be also individually configured for a session using {{public void HttpSession.setMaxInactiveInterval(int secs)}}.
* JBoss 5.x: <tt>${JBOSS_HOME}/server/${JBOSS_PROFILE}/deployers/jbossweb.deployer/web.xml</tt>
* JBoss 4: <tt>${JBOSS_HOME}/server/${JBOSS_PROFILE}/deploy/jbossweb-tomcat-50.sar/web.xml</tt>
 
=HTTP Session Timeout API=
 
Timeout can be also individually configured for a session using:
 
<pre>
public void HttpSession.setMaxInactiveInterval(int secs)
</pre>

Revision as of 23:14, 31 May 2016

External

Internal

Overview

Ideally, a session would be invalidated as soon as the user closed his browser, browsed to a different site, or stepped away from his desk. Unfortunately, there is no way for a server to detect any of these events. Consequently, sessions live throughout some period of inactivity after which the server assumes the user must have left and it's not worth holding session state for her anymore.

The default timeout (in minutes) can be specified using web.xml: 

<web-app>
    ....
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>    
</web-app>

The timeout doesn't directly influence the total life time of a session. It only specifies the time interval between two subsequent requests after which the session should be considered invalid.

Setting the Session Timeout on Server

The server-wide place to set up the session timeout is:

  • JBoss 5.x: ${JBOSS_HOME}/server/${JBOSS_PROFILE}/deployers/jbossweb.deployer/web.xml
  • JBoss 4: ${JBOSS_HOME}/server/${JBOSS_PROFILE}/deploy/jbossweb-tomcat-50.sar/web.xml

HTTP Session Timeout API

Timeout can be also individually configured for a session using: 

public void HttpSession.setMaxInactiveInterval(int secs)
Retrieved from "https://kb.novaordis.com/index.php?title=HTTP_Session_Timeout&oldid=9541"