Servlet Session timeout

I'm writing my Spring MVC web application.

I have set my session time out to be 10080 minutes, equal to 1 week. Now I would like to keep the user logged in every time he opens the browser:

sessionService.setcurrentUser(myuser);
HttpSession session = request.getSession();
Cookie cookie = new Cookie("JSESSIONID", session.getId());
cookie.setMaxAge(timeout);
response.addCookie(cookie);

Should my cookie Max Age be the same as session time out?

cookie.setMaxAge(10080);

Is it good practice?

You should configure it in web.xml, not by hacking the default session cookie.

<session-config>
    <session-timeout>10080</session-timeout>
</session-config>

Note that you shouldn't store too much data in the session and/or you should make sure that your server has enough memory.

The following posts contain interesting information.
As far as good practice goes you probably have two things to consider:

  • Security aspect of leaving the session active for a long period of time.
  • Memory implications, your session will be serialized and you want to keep it to a minimum. Especially if the amount of users could grow drastically.

Discussion 1
Discussion 2
Discussion 3

You use cookies to refer to your session id. If the timeout of the cookie is lower than the session, it will not find your session anymore. So setting your timeout of your cookie to at least the timeout of your session is advisable.
