I'm setting the session timeout in the application properties
server.servlet.session.timeout=10m
But I want to change it when the user in specific pages is there any method to do it?
Related
Our application is created by Jhipster which comprise with spring boot and keycloak and postgress db. I have set the "SSO Session Idle" time as 1 minute in the keycloak realm settings.
Expectation is keycloak should send logout event if the user is idle for 1 minute and more. But nothing is happening(even no log in keycloak) and the session is still alive. I am able to call other rest API without any issue.
While logging in through key cloak I am able to see following log in keycloak. Not sure whether this is creating problem.
03:57:20,717 WARN [org.keycloak.events] (default task-64) type=REFRESH_TOKEN_ERROR, realmId=google, clientId=youtube, userId=8299cea8-8ebf-45df-8685-b37445620255, ipAddress=10.198.140.148, error=invalid_token, grant_type=refresh_token, refresh_token_type=Offline, refresh_token_id=2b031b6d-5ff4-4967-a300-42b930dfc04b, client_auth_method=client-secret
Is there anything specific I have to configure in application.yaml or application_prod.yaml for getting session expired event in spring boot Jhipster application ?
I am struck for many days. Any help would be much appreciated.
I am expecting while setting session idle time in keycloak, keycloak should send session time out or logout event. And Jhipster spring boot application should able to log out.
To configure this at boot-up time we can either set it in the HttpSecurity object or in application.yml. But how can we do this at dynamically at run-time? i.e. in response to a user prompt after the system has started up and is already serving requests and has logged-in users.
In the Spring Boot project, I want to clear the Session by making a get request and extend the session with an XMLHttpRequest request.
Any ideas on how I can do it?
What should i do in Spring Boot to activate persistent sessions ?
I tried to play with theses properties without luck:
server.session.persistent=true
server.session.store-dir=/some/path/sessions
When i stop the daemon a see a file SESSIONS.cer on the session store-dir which disappears when I restart the daemon, but the user not logged anymore (go to login page).
My Spring boot project is an Oauth2 authorization server (I use Spring Security Oauth2) which is used with the Implicit grant. The session is used to avoid the user the retype its credential (login form) when asking for a token (/oauth/authorize). This is the default behaviour of spring security oauth2
EDIT:
I tried with the following property too without luck:
server.tomcat.basedir=/tmp
To me, it didn't work because the objects i stored in session were not Serializable.
Just check they are.
Object stored in session must implement Serializable along with a fixed serialVersionUID. Otherwise JVM will assign a random serialVersionUID which will be different for each server deployment. Since it is different for each deployment, server will not able to find a previous session and result in creating a new session.
Reference:
Why jvm generates serialVersionUID?
I developed a web application using spring and hibernate. By using Spring Security , i am restricting one session per user. When user try to attempt multiple login then old session will be invalidated and new one will be active.I have registered HttpSessionListener in my web.xml file.In sessionDistroyed method i am writing some functionality that will be executed when Http Session getting invalidating.
Now problem is when a single user try to do multiple login ,spring security expiring the old session but not invalidating the old session.So in that case sessionDistroyed method not being executed.But i want sessionDistroyed method to be called when spring security expiring the old session.
Can anyone please help to resolve this problem.