Spring-boot Spring-Security session timeout

Question

UPDATED QUESTION:

I have a spring-boot 1.1.3.RELEASE project that is using EmbeddedTomcat and Spring-Security. I posted this a while back

Answer 1

Just to update this, because I went looking for an answer and couldn't find it easily:

You can set the server.session.cookie.max-age=

in your application.properties to force the log out after a certain time.

This one actually uses seconds, not minutes, as the integer value. So set it to something reasonable like 120 for 2 minutes.