Avoid Spring application log out on browser close
Question
I have a weird problem and not able to fix it.
The Problem :
I login to my Spring web application which has long session timeout, whenever I quit the browser and then reopen it, access my web-app and I see login page every time.
It works fine as long as browser is not closed. I thought that there is some problem with the chrome settings, but it's not. Also it happens with all the browsers.
My web.xml :
<session-config>
<session-timeout>10000</session-timeout>
<cookie-config>
<name>myapp</name>
<http-only>true</http-only>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
My Spring Security configuration:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/login/forgot" access="permitAll" />
<security:intercept-url pattern="/login/resetpassword" access="permitAll" />
<security:intercept-url pattern="/home/admin/**" access="hasAnyRole('ROLE_admin', 'ROLE_manager')" />
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_admin', 'ROLE_manager','ROLE_user')" />
<security:form-login
login-page="/login"
login-processing-url="/login"
authentication-failure-handler-ref="authenticationFailureFilter"
authentication-success-handler-ref="authenticationSuccessHandler"
username-parameter="email"
password-parameter="password" />
<!-- enable csrf protection -->
<security:csrf/>
</security:http>
Is there any problem with my web.xml or Spring Security?
1 answers
solution1
4 ACCPTED 2016-11-07 18:59:01
Please set the max age attribute of the cookie.
By default, -1 is returned, which indicates that the cookie will persist until browser shutdown.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.