[ACCEPTED]-setting session timeout in Spring MVC-spring-mvc

Accepted answer
Score: 24

Solution using Pure Spring MVC, sevlet context.xml 4

<mvc:interceptors>
    <bean class="com.xxx.SessionHandler" />
</mvc:interceptors>

Handler Adapter

@Component
public class SessionHandler extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        request.getSession().setMaxInactiveInterval(60*60);
        return true;
    }
}

Assuming you are using spring 3 security,

For each successful login i think 2 best way is to create LoginSuccessHandler and specify authentication-success-handler 1 for normal login as well as remember-me.

@Service
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        request.getSession().setMaxInactiveInterval(60*60);
        super.onAuthenticationSuccess(request, response, authentication);
    }

}

 

<http auto-config="true" use-expressions="true">
    <form-login login-page="/login"
        authentication-failure-url="/login.hst?error=true"
        **authentication-success-handler-ref="loginSucessHandler"** />
    <logout invalidate-session="true" logout-success-url="/home" logout-url="/logout" />
    <remember-me key="jbcp" **authentication-success-handler-ref="loginSucessHandler"**/>
    <session-management>
        <concurrency-control max-sessions="1" />
    </session-management>
</http>

More Related questions