In the web app (Servlet-JSP MVC) I am working on I have set session timeout as -1, which means the session will never expire until it is intentionally invalidated during logout.
<session-config>
<session-timeout>-1</session-timeout>
</session-config>
But if the user stays idle (ie no activity on application) and then refreshes the application after some time, the session expires.
I am using Apache Tomcat 7.0 with XAMPP for my application.
What might be the reason? What can be done to keep the session alive indefinitely? What does "-1" in session-timeout tag actually means?
Better approach is use a ajax
call to refresh the session, but not set the session-timeout too long, because the user can close browser without quitting, then session entities will keep in memory but never will be used again.
You settings not work may caused by conflict of settings in such three places:
(1) Java Code session.setMaxInactiveInterval(600);
(2) webapp's web.xml
(3) Contianer's(tomcat?)settings conf/web.xml
or Catalina/localhost/yourapp/context.xml
or server.xml
or event in your app's submodule jars.
<Context path="/" docBase="/yourapp/base"
defaultSessionTimeOut="3600" ... />
The priorities (1)>(2)>(3)
————EDIT————
According the tomcat 7 documentation, in case you use SSL ( https://tomcat.apache.org/tomcat-7.0-doc/config/http.html )
sessionTimeout
The time, in seconds, after the creation of an SSL session that it will >timeout. Use 0 to specify an unlimited timeout. If not specified, a >default of 86400 (24 hours) is used.
Use 0 to specify an unlimited timeout
And this link JSESSIONID Cookie with Expiration Date in Tomcat and this https://stackoverflow.com/a/13463566/1484621 worth a look
The correct way to test session
is request.getSession(false) == null
, or request.getSession(true).isNew()
.
According to the source code
/**
* Set the default session timeout (in minutes) for this
* web application.
*
* @param timeout The new default session timeout
*/
@Override
public void setSessionTimeout(int timeout) {
int oldSessionTimeout = this.sessionTimeout;
/*
* SRV.13.4 ("Deployment Descriptor"):
* If the timeout is 0 or less, the container ensures the default
* behaviour of sessions is never to time out.
*/
this.sessionTimeout = (timeout == 0) ? -1 : timeout;
support.firePropertyChange("sessionTimeout",
oldSessionTimeout,
this.sessionTimeout);
}
the session-timeout
set to 0 or -1 will have same result
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.