发表新帖
发表新帖

Springboot app session timeout

后端 未结
关注
5 1270
北荒
北荒 2021-01-04 11:12

I have created a SpringBoot MVC/Security app 1.2.2.RELEASE and my application.properties contains server settings like

#Tomcat port and contextPath details
s
相关标签:
5条回答
  • 有刺的猬
    2021-01-04 11:22

    I don't know for some reason only setting 

    server.session.timeout=120

    didn't work for me however, when I set both session timeout and cookie max age like below:

    server.session.cookie.max-age=120
server.session.timeout=120

    it works perfectly

    0 讨论(0)
  • 面向向阳花
    2021-01-04 11:29

    In application.yml of my Spring Boot 2 app

    # A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits
server:
  servlet:
    session:
      cookie:
        max-age: -1
      timeout: -1

    With these settings JSESSIONID cookie expiration time is set to "When the browsing session ends".

    0 讨论(0)
  • 暗喜
    2021-01-04 11:32

    I'm not sure what this server.session.timeout is for because when I set it to a specific number, and monitor the session creation, the session expiry does not get changed.

    I'm using spring session and redis integration, in my case, I need to set the maxInactiveIntervalInSeconds to be like 120(seconds), this can be done thru redisHttpSessionConfiguration.

    And then if I go to redis to look for the session, I can see it's expiry is changed to 120 seconds and session timeout works.

    One suggestion of mine would be that try to find out if you can configure the session's maxInactiveIntervalInSeconds(or similar) either programmatically or in the property file and monitor session changes.

    0 讨论(0)
  • 爱一瞬间的悲伤
    2021-01-04 11:37

    You can try with adding this both statements.

    server.session.cookie.max-age=120
server.session.timeout=120

    You can find complete example on my blog here: http://www.onlinetutorialspoint.com/spring-boot/how-to-set-spring-boot-tomcat-session-timeout.html

    0 讨论(0)
  • 滥情空心
    2021-01-04 11:41

    (This applies to Spring 1.5.x at the time of this writing)

    Note that if you're using Redis session @EnableRedisHttpSession (such as in the other comment @Phoebe Li's case), then the application property server.session won't be applied. You'll have to set it manually by code like this:

    @EnableRedisHttpSession
public class HttpSessionConfig {
    @Bean
    public RedisOperationsSessionRepository sessionRepository(RedisConnectionFactory factory) {
        RedisOperationsSessionRepository sessionRepository = new RedisOperationsSessionRepository(factory);

        //Set the TTL of redis' key, which in turn will expire session when TTL is reached
        sessionRepository.setDefaultMaxInactiveInterval(15); //e.g. 15 seconds

        return sessionRepository;
    }I
}
    0 讨论(0)
 看不清?
提交回复
热议问题