Announcement Announcement Module
Collapse
No announcement yet.
Authenticated Session Timeout and chatty javascript Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Authenticated Session Timeout and chatty javascript

    Hi.

    I'm using Spring MVC and Spring Security for a project and everything works fine except the authenticated session that never expires.

    My guess is that, because of a "chatty" javascript that keeps GETting images from the site, the authenticated session never expires (since the application sees request coming from the authenticated user).

    I tried to use filters="none" in the hope to exclude in some way the static content from the "attention" of Spring Security, but it didn't work.

    Any opinion would be quite appreciated.

    Thank You.
    Regards,
    Diego Pigozzo

  • #2
    yes or can be, session-timeout is never-expired one

    Comment


    • #3
      Originally posted by rohan123 View Post
      yes or can be, session-timeout is never-expired one
      I'm not sure what you mean. If you're meaning "<session-timeout>-1</session-timeout>" that's not the case, because I setted session-timeout to 5.

      Comment


      • #4
        It looks like it really is a problem caused by the "chatty javascript".

        Anyway I found out a workaround implementing a custom SessionManagementFilter that explicity invalidates sessions after some time has occured since last "meaningful request".

        Comment

        Working...
        X