Session management is a crucial part for web applications requires user login. If session is not managed properly, the security of data is directly impacted.
Define session timeout in web.xml
In your Spring configuration file, add the following property:
Change the value in the session-timeout tag to the number of timeout minutes you want to set.
Spring Security session timeout settings
Once the session is timeout and if someone tries to access, then we need to redirect our application on any URL. Add the following to the xml configuration file of Spring Security.
How can we solve this problem? The answer is to add a way to automatically refresh the web page after the session timeout.
Refresh the web page automatically after session timeout
Add the following tag in the section of the web page.
In the above code, session.getMaxInactiveInterval() will return the session timeout setting in seconds from web.xml. In our case, the return value will be 3600, corresponding to the 60 minutes we set in web.xml.
In this way, after 60 minutes, the session becomes invalid, and the dashboard.jsp automatically redirects the user to the login page.
If you have any questions, feel free to leave a comment below.