How to set session timeout dynamically in Java web applications

Question

I need to give my user a web interface to change the session timeout interval  So  different installations of the web application would be able to have different timeouts for their sessions  but their web xml cannot be different   Is there a way to set the session timeout programatically  so that I could use  say  ServletContextListener contextInitialized   to read the configured interval and set it upon application startup

User · Answer

As another anwsers told  you can change in a Session Listener  But you can change it directly in your servlet  for example   getRequest   getSession   setMaxInactiveInterval 123

User · Answer

Instead of using a ServletContextListener  use a HttpSessionListener   In the sessionCreated   method  you can set the session timeout programmatically   public class MyHttpSessionListener implements HttpSessionListener      public void sessionCreated HttpSessionEvent event         event getSession   setMaxInactiveInterval 15   60      in seconds        public void sessionDestroyed HttpSessionEvent event          And don t forget to define the listener in the deployment descriptor    lt webapp gt               lt listener gt                                         lt listener-class gt com example MyHttpSessionListener lt  listener-class gt     lt  listener gt   lt  webapp gt     or since Servlet version 3 0 you can use  WebListener annotation instead     Still  I would recommend creating different web xml files for each application and defining the session timeout there    lt webapp gt         lt session-config gt       lt session-timeout gt 15 lt  session-timeout gt   lt  -- in minutes -- gt     lt  session-config gt   lt  webapp gt

User · Answer

Is there a way to set the session timeout programatically   There are basically three ways to set the session timeout value    by using the session-timeout in the standard web xml file  or  in the absence of this element  by getting the server s default session-timeout value   and thus configuring it at the server level   or  programmatically by using the HttpSession  setMaxInactiveInterval int seconds  method in your Servlet or JSP     But note that the later option sets the timeout value for the current session  this is not a global setting

User · Answer

I need to give my user a web interface to change the session timeout interval  So  different installations of the web application would be able to have different timeouts for their sessions  but their web xml cannot be different    your question is simple  you need session timeout interval should be configurable at run time and configuration should be done through web interface and there shouldn t be overhead of restarting the server   I am extending Michaels answer to address your question   Logic  You need to store configured value in either  properties file or to database  On server start read that stored value and copy to a variable use that variable until server is UP  As config is updated update variable also  Thats it   Expaination  In MyHttpSessionListener class  1  create a static variable with name globalSessionTimeoutInterval    create a static block executed for only for first time of class is being accessed  and read timeout value from config properties file and set value to globalSessionTimeoutInterval variable  Now use that value to set maxInactiveInterval Now Web part i e  Admin configuration page  a  Copy configured value to static variable globalSessionTimeoutInterval   b  Write same value to config properties file   consider server is restarted then globalSessionTimeoutInterval will be loaded with value present in config properties file  Alternative  properties file OR storing it into database  Choice is yours    Logical code for achieving the same  public class MyHttpSessionListener implements HttpSessionListener      public static Integer globalSessionTimeoutInterval   null     static           globalSessionTimeoutInterval    Read value from  properties file or database        public void sessionCreated HttpSessionEvent event            event getSession   setMaxInactiveInterval globalSessionTimeoutInterval          public void sessionDestroyed HttpSessionEvent event          And in your Configuration Controller or Configuration servlet  String valueReceived   request getParameter timeoutValue   if valueReceived     null        MyHttpSessionListener globalSessionTimeoutInterval   Integer parseInt timeoutValue               Store valueReceived to config properties file or database

[java] How to set session timeout dynamically in Java web applications?

Examples related to java

Examples related to session

Examples related to servlets

Examples related to jakarta-ee

Examples related to timeout