Session timeout in Java (with Spring Boot and Hazelcast)
Question
I have a java application built with Spring Boot 1.5.13, and I don't manage to set the session timeout to 60 minutes. I discovered that the default session timeout is set by Spring to 30 minutes. On this project, we use:
a custom configuration for HttpSecurity
protected void configure(HttpSecurity http) {
http.successHandler((httpServletRequest, httpServletResponse, authentication) -> {
httpServletResponse.setHeader(AUTHENTICATED_HEADER_NAME, AUTHENTICATED_TRUE);
HttpSession session = httpServletRequest.getSession(); session.setMaxInactiveInterval(3600); }) }
and Hazelcast, with the annotation
@EnableHazelcastHttpSession(hazelcastFlushMode = HazelcastFlushMode.IMMEDIATE, maxInactiveIntervalInSeconds = 3600)
on the configuration Class.
None of the methods from above worked until now, but I discovered that I can use in application.properties file server.session.timeout=timeInSeconds , but it did't have an effect. On the debugging mode I can see that the session.maxInactiveInterval is set to 3600 seconds, but when I run the frontend on my machine with the backend having the above changes, I get a 30 minutes session.
Even weirder is the fact that if I configure from HttpSecurity setMaxInactiveInterval() with any value smaller than 30 minutes, it works, I got a session for that desired value of time, but if I try to use a value greater than 30 minutes, somehow the session will expire after 30 minutes sharp.
1 answers
solution1
0 2019-09-25 11:24:02
I found that spring-session.1.3.6, which is used by SpringBoot 1.5, have a bug in its HazelcastSessionRepository save method. Changing a session's maxInactiveInterval is noted in the Hazelcast session, but the ttl in the Hazelcast IMap holding the Hazelcast session object isn't altered after it was created. When the default maxInactiveInterval of 30 mins has passed, the session is removed from the IMap and the session expires.
It look like it has been changed in SpringBoot 2.x, but as we're still on 1.5, I patched the version we use and now it's working.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.