问题
By default the JSESSIONID cookie is expired when you close the browser, but how long is the associated HttpSession really valid on the server side?
回答1:
It defaults to 30 minutes on most containers which you can configure by <session-config> in your webapp's web.xml.
<session-config>
<session-timeout>10</session-timeout>
</session-config>
The above example will change the server side session timeout to 10 minutes. So in other words, when the client do not interact with the server for more than 10 minutes (even though the browser is kept open that long), then the session will expire on the server side. Any next request will create a new session.
See also:
- How do servlets work? Instantiation, sessions, shared variables and multithreading
来源:https://stackoverflow.com/questions/7449468/default-session-expiration-timeout