I have created a SpringBoot MVC/Security app 1.2.2.RELEASE and my application.properties contains server settings like
#Tomcat port and contextPath details
server.port=8080
server.contextPath=/test
#server.session-timeout=120
server.sessionTimeout=120
The documentation states
server.session-timeout= # session timeout in seconds
but the ServerProperties.java uses sessionTimeout;
If you look at the application.properties code I have posed, I have tried both independently and together, but I don't get timed out after 2 minutes, I don't have any other code explicitly written to perform any session handeling.
Has anyone come across this issue? What am I missing or doing wrong?
I don't know for some reason only setting
server.session.timeout=120
didn't work for me however, when I set both session timeout and cookie max age like below:
server.session.cookie.max-age=120
server.session.timeout=120
it works perfectly
I'm not sure what this server.session.timeout is for because when I set it to a specific number, and monitor the session creation, the session expiry does not get changed.
I'm using spring session and redis integration, in my case, I need to set the maxInactiveIntervalInSeconds to be like 120(seconds), this can be done thru redisHttpSessionConfiguration.
And then if I go to redis to look for the session, I can see it's expiry is changed to 120 seconds and session timeout works.
One suggestion of mine would be that try to find out if you can configure the session's maxInactiveIntervalInSeconds(or similar) either programmatically or in the property file and monitor session changes.
(This applies to Spring 1.5.x at the time of this writing)
Note that if you're using Redis session @EnableRedisHttpSession (such as in the other comment @Phoebe Li's case), then the application property server.session won't be applied. You'll have to set it manually by code like this:
@EnableRedisHttpSession
public class HttpSessionConfig {
@Bean
public RedisOperationsSessionRepository sessionRepository(RedisConnectionFactory factory) {
RedisOperationsSessionRepository sessionRepository = new RedisOperationsSessionRepository(factory);
//Set the TTL of redis' key, which in turn will expire session when TTL is reached
sessionRepository.setDefaultMaxInactiveInterval(15); //e.g. 15 seconds
return sessionRepository;
}I
}
You can try with adding this both statements.
server.session.cookie.max-age=120
server.session.timeout=120
You can find complete example on my blog here: http://www.onlinetutorialspoint.com/spring-boot/how-to-set-spring-boot-tomcat-session-timeout.html
In application.yml of my Spring Boot 2 app
# A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits
server:
servlet:
session:
cookie:
max-age: -1
timeout: -1
With these settings JSESSIONID cookie expiration time is set to "When the browsing session ends".
来源:https://stackoverflow.com/questions/29128277/springboot-app-session-timeout