Login session timeout


I would like to set a timeout for the login session of x minutes.

I have created a SessionListener:

public class SessionListener implements HttpSessionListener { @Override public void sessionCreated(HttpSessionEvent event) { event.getSession().setMaxInactiveInterval(60 *15); } @Override public void sessionDestroyed(HttpSessionEvent event) { } }

Which create sessions with a timeout of 15 minutes but I would like to set this timeout once a user is login. Otherwise, if you wait more than 15 minutes in the login page and try to login, the session has been destroyed and you won't be able to login (and AccessDeniedHandler class is launched).


Finally I have a solution for that. The main reason why Spring creates a session even if the user is not authenticated is for the csrf token, so as soon as a page is open Spring will create a session. What I have done is set the session without timeout when it is created.

public class SessionListener implements HttpSessionListener { @Override public void sessionCreated(HttpSessionEvent event) { event.getSession().setMaxInactiveInterval(0); } @Override public void sessionDestroyed(HttpSessionEvent event) { } }

Then, once a user is authenticated (with the login page) I set a timeout to the current session:

public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler { @Autowired private RedirectStrategy redirectStrategy; @Override protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException { // Set session timeout when user is authenticated request.getSession().setMaxInactiveInterval(5); redirectStrategy.sendRedirect(request, response, targetUrl); } }

In this way the user can stay at login page as long as it want and the session will never be destroyed.


  • C Programming compare rows and columns of 2d array
  • Session Listener in Spring Mvc Google app engine
  • Top Command: How come CPU% in process is higher than in overall CPU Usage Percentage
  • SELECT DISTINCT in Scala slick
  • “Register Device” fails in Preferences -> Studio -> Platforms -> iOS #appcelerator
  • PHP Script with cURL works on one server…does not work on other server
  • Typing in jMeter
  • Detecting if a user to a website is from a mobile phone
  • procmail recipe causes wrong timestamp
  • Listbox generates secondary Listbox based on selection
  • Count active sessions in J2EE app deployed on JBoss 3.2.1
  • whatsapp c# Auth response error
  • use Cube Functions to get filtered dimensions
  • call a service layer function in Listener class on Session destroyed in Spring
  • Detecting All Caps in a string
  • XMonad: Is there a way to bind a simultaneously triggered keychord?
  • Dynamically populate a dropdown box with Jquery and Java
  • SpringSession DefaultCookieSerializer.setJvmRoute works, but HttpServletRequest does not have the jv
  • How to retrieve user entered data inside sessionCreated method
  • array from php to JavaScript
  • Getting SQLException: Driver:org.hsqldb.jdbcDriver returned null for URL in tomee
  • Issue with session.handler.native_file session handler in symfony2
  • Session management in GWT client side
  • PHP Post & Redirect with cURL Same As HTML Form [closed]
  • IP and domain create different session
  • jQuery and Uploadify session in the php file
  • Embedded Google Maps in Rails not responsive
  • JQuery Internet Explorer and ajaxstop
  • Opengl-es onTouchEvents problem or a draw problem? [closed]
  • Adding custom controls to a full screen movie
  • Comma separated Values
  • Error creating VM instance in Google Compute Engine
  • Hits per day in Google Big Query
  • how does django model after text[] in postgresql [duplicate]
  • Turn off referential integrity in Derby? is it possible?
  • Linking SubReports Without LinkChild/LinkMaster
  • Authorize attributes not working in MVC 4
  • Busy indicator not showing up in wpf window [duplicate]
  • Python/Django TangoWithDjango Models and Databases
  • Net Present Value in Excel for Grouped Recurring CF