I am working with primefaces 3.4 and JSF 2.0.4, I´ve set up the session to be over in 30 minutes in web.xml
<session-config>
<session-timeout>30</session-timeout>
</session-config>
And i have an iddleMonitor set up to show up in 25 minutes, however, suddenly the session gets lost, and iddlemonitor does not show up, and the application does not work,
Anybody has face this problem? any solution?
Related
Currently I have added this in my web.xml
<session-config>
<session-timeout>1</session-timeout>
</session-config>
But after one minute session is not getting expired,
I don't know whats wrong can anyone let me know where i'm doing wrong
In my WAR's web.xml, I added the following XML tags:
<session-config>
<session-timeout>1</session-timeout>
</session-config>
Although I've done that, the session doesn't timeout after 1 minute. I registered a HttpSessionListener to monitor the session creation\destruction:
<listener>
<listener-class>my.listener.SessionListener</listener-class>
</listener>
...and only the session-creation indicator method is called when a session is created, but the session-destruction method isn't called after one minute as expected, yet its called after 20 minutes though, which is the default timeout duration in OC4J.
How can I change this default behavior ?!
I have following configuration in web.xml in tomcat 7. I am wondering if I can add any configurable parameter here, so that if user tries to do any operation post 30 minutes, I redirect the user to our home page.
<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<domain>mydomain.mycompany.com</domain>
<http-only>true</http-only>
<secure>false</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
This is probably not possible by configuration only. You will have to add a filter aswell. One way of doing that is described here: https://stackoverflow.com/a/1027592/3417638
If you would like to configure the redirect in web.xml, this can be done by using a context-parameter, see: https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Context_Parameters
How can i redirect user after session timeout? I have found some solutions but my problem is a little different. I got only one page and when the user clicks a button after timeout, he will be redirected to login page. Is there any solution?
web.xml
<session-config>
<session-timeout>
1
</session-timeout>
</session-config>
set session timeout in your web.xml - and config spring secruity as you want it.
I have a default installation of Tomcat 6.0, and I have an app that stores information in the session variable.
It seems that my session is invalidated after a short period of inactivity. So long as I'm navigating to another page every few seconds, the session data is there, but if I stop clicking for about half a minute, the session id that the browser stores changes. (I've confirmed this using Firebug, and see the same behavior from IE8 which is my target browser.)
Why might this be happening? The web.xml for my app specifies 30 minute sessions, and I've made a call to session.setMaxInactiveInterval(60) to see if that changed anything, but it doesn't seem to.
Sanity check:
My web app web.xml starts like this:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"
version="2.5">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
My server's web.xml contains these lines:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
According to this, the method you use take the input as seconds, not minutes, so you would be making things worse.
As for the rest, I'd think about the code that is using the session since the web.xml fragment looks ok.
Some of the lastest versions of Tomcat 6 have a feature named "Session Fixation" which changes the session Id after you login.