
Spring Security session timeout is too short

I don't know how, but the session timeout is incredibly short. As far as I know, the Spring Security session timeout depends on the server's default session configuration. I've found out that the GlassFish timeout is 1800 sec (10 min). But I think the session is removed every 5 minutes. How could this happen? This is my Spring Security configuration:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">    



    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">

        <intercept-url pattern="/adminRole/**" access="hasRole('ROLE_ADMIN')" />

        <intercept-url pattern="/userRole/**" access="hasRole('ROLE_USER')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />

        <form-login 
            login-page="/" 
            default-target-url="/resolveRoles" 
            authentication-failure-url="/?error" 
            username-parameter="username"
            password-parameter="password" />
        <remember-me key="key" token-validity-seconds="2419200" />
        <logout logout-success-url="/?logout"  />
        <!-- enable csrf protection -->

    </http>



    <!-- Select users and user_roles from database -->
    <authentication-manager>
      <authentication-provider>
        <password-encoder hash="sha"/>
        <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "select username,password, enabled from smsc.users where username=?"
          authorities-by-username-query=
            "select username, role from smsc.user_roles where username =?  " />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

There is only the session timeout, but no additional timeout in Spring Security (except the one for the remember-me token, but this is a different thing).

You can configure the session timeout within the web.xml:

<web-app>
   <session-config>
      <!-- in minutes -->
      <session-timeout>60</session-timeout>
   </session-config>
</web-app>
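
To see which timeout the container actually applies and whether sessions end by timeout or by an explicit invalidation, a session listener can log both. This is an added example, not part of the original question or answer; the class name is hypothetical, and it assumes a Servlet 3.0+ container (for `@WebListener`) with the `javax.servlet` API.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical diagnostic listener (added example); @WebListener assumes Servlet 3.0+.
@WebListener
public class SessionTimeoutAuditListener implements HttpSessionListener {

    private static final Logger LOG =
            Logger.getLogger(SessionTimeoutAuditListener.class.getName());

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession s = event.getSession();
        // getMaxInactiveInterval() is in seconds; <session-timeout> in web.xml is in minutes.
        LOG.info(String.format("session %s created, maxInactiveInterval=%d s",
                tag(s), s.getMaxInactiveInterval()));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession s = event.getSession();
        long now = System.currentTimeMillis();
        long idle = (now - s.getLastAccessedTime()) / 1000;
        long age = (now - s.getCreationTime()) / 1000;
        // idle close to maxInactiveInterval: the container timed the session out.
        // idle much smaller: something called invalidate() (for example logout).
        LOG.info(String.format(
                "session %s destroyed, idle=%d s, age=%d s, maxInactiveInterval=%d s",
                tag(s), idle, age, s.getMaxInactiveInterval()));
    }

    // Log a short SHA-256 prefix instead of the session id, which is a bearer credential.
    private static String tag(HttpSession s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(s.getId().getBytes(StandardCharsets.UTF_8));
            return String.format("%02x%02x%02x%02x", d[0], d[1], d[2], d[3]);
        } catch (NoSuchAlgorithmException e) {
            return "unknown"; // SHA-256 is required on every Java platform
        }
    }
}
```

If the logged `maxInactiveInterval` does not match the `<session-timeout>` value times 60, the setting is being overridden somewhere else, such as a `setMaxInactiveInterval` call in application code.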
