By default the JSESSIONID cookie is expired when you close the browser, but how long is the associated HttpSession really valid on the server side?
By default the JSESSIONID cookie is expired when you close the browser, but how
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
By default the JSESSIONID cookie is expired when you close the browser, but how long is the associated HttpSession really valid on the server side?
It defaults to 30 minutes on most containers which you can configure by
<session-config>in your webapp’sweb.xml.The above example will change the server side session timeout to 10 minutes. So in other words, when the client do not interact with the server for more than 10 minutes (even though the browser is kept open that long), then the session will expire on the server side. Any next request will create a new session.
See also: