Announcement Announcement Module
No announcement yet.
Change session time out value dynamically Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Change session time out value dynamically


    I am using Spring backend with Jetty server. My requirement is user should be able to change the session timeout value at run time.

    I found the below logic using which we can set the session time out value:

             Server server = new Server();
             Handler handler = server.getHandler();
             if(handler instanceof WebAppContext) {
                 System.out.println("Found wac");
                 WebAppContext rctx = (WebAppContext) handler;
    Once user submits the new session time out value and request reach my spring class, how can i get the reference of Jetty server within my spring class so that i can use the above logic to set the session time out value.

    Is there any other way using which we can set the session time out value on the running server from a spring class? I do not want to set the session timeout per session but want it to be applied globally for all sessions.


  • #2
    Why not per session, you could create a Listener or filter for that which applies it automatically and then you have a solution that works on each server. You could even make it part of your Spring Security Filter chain if you make it a filter.


    • #3
      In case it is per session, then if one user applies a new session time out value, it will not get updated for other already open sessions. I want the new session time out value to get updated for all open sessions.
      Also, if we apply it per session, then i ll have to set this value on every session create action (whenever user logs in). Instead if we can have this value set on server start up, it ll be more cleaner.

      In addition, i ll be keeping the session time out value inside DB. So, when server starts, i ll read the data from DB and update the session time out value using the above mentioned code.



      • #4
        That all depends on the implementation of your filter...

        Also setting a session timeout globally doesn't change it for already open sessions, the session timeout is set on the session upon creation...

        And as mentioned it all depends on your filter, the same method you all globally is available on the session. IMHO creating a filter or trying to hack something together which taps into the server isn't more difficult.


        • #5
          Thanks Marten.

          I decided to go with having spring SessionAuthenticationRegistry listener and apply the new session time out value inside onAuthentication method. It works fine now.