Home/ Questions/Q 3488026
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T11:13:14+00:00

i am using spring framework,apache,tomcat and the login page is handled with spring security

  • 0

i am using spring framework,apache,tomcat
and the login page is handled with spring security
and i have an issue
that every first time request to the login page is generating a new session for the user, i know it’s the default behaviour, when you access the login page, a new session is created for you, then what if a large load made on the login page, too many users are just viewing the login page without doing anything, so too many un-used sessions are created here.
what do you guys think of just an issue, i know it’s rare, but it may occur, how to deal with it ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I don’t think thats rare. One possible solute could be to set the session timeout to a minimum. For example 5 minutes. Further you can write a filter to increase the session timeout if a session already exists for the user. So normal user will have a session timeout of 30 minutes and users only visit one side have a timeout of 5 minutes.

    Here is a filter that dose the trick:

    public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest)request;

    // The false is important, otherwise a new session will be created.
    HttpSession session = httpRequest.getSession(false);

    if (session == null) {
        chain.doFilter(request, response);
        return;
    }

    session.setMaxInactiveInterval(30 * 60);
    chain.doFilter(request, response);
}

    Another good advice is to filter crawlers like the google bot. “Bot Detection” is a good keyword to look for.

    • 0