Invalidating the session after 30 seconds
Invalidating the session after 30 seconds - Live free women feet chat
Since it should be stateless, I don't create sessions but generate access tokens, more precisely JSON web tokens, the client has to present on every request.
So if the used did nothing for 30 Sec in the next refresh after 40 Sec I get to session Destroyed().However, If I set some attribute (say user)in session object during session creation and check for null value of the attribute after one minute, I get null and do the following: if((String)Session(false)Attribute("user")== null) // redirect to login page This code works fine.Now my question is whether session object exists after timeout and therfore I don't get null in first case.Note thought, that session won't be collected exactly after timeout period has run out.The servlet container checks for session that timed out every now and then, and upon finding session that is eligible for destruction, fires the listener method and destroys the session.But when timeout is over, attributes set in session are removed automatically and I get null in second case.
Seems that the session object relies on server for its GC.
If they're logging in to check their account balance, a shorter session timeout period can be used because it doesn't take long for a person to read a couple of numbers.
If, on the other hand, the user is logging in to read large amounts of data, you need to be sure that you provide enough time for the user to do what he or she wants without being logged out.
If the user is constantly navigating through your site, the session will last indefinitely.
I am using struts and tomcat and wants the user to be redirected to login page after session timeout.
The amount of time can be configured in the deployment descriptor of the Web application.