Setting a session timeout that never expires is not desirable because you would be reliant on the user pushing the logout button every time he's finished, to protect your server from too much load (depending on the number of users and the hardware). Additionally, there are some security issues you might run into that you would rather avoid.

The reason why the session gets invalidated while the server is still working on a task is that there is no communication between the client side (the user's browser) and the server side through e.g. an HTTP request. Therefore the server can't know about the user's state, thinks he's idling and invalidates the session after the time set in your web.xml.

To get around this you have several possibilities:

  • You could ping your backend while the task is running to touch the session and prevent it from expiring
  • Increase the <session-timeout> inside the server, but I wouldn't recommend this
  • Run your task in a dedicated thread which touches (extends) the session while working or notifies the user when the thread has finished

There was a similar question asked; maybe you can adapt parts of this solution in your project. Have a look at this.

Hope this helps, have Fun!
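
The first option in the answer above (pinging the backend only while the task runs), as an added example that is not part of the original answers: a browser-side keep-alive that stops as soon as the task finishes or a hard cap is reached, so the configured idle timeout still ends abandoned sessions. The /keepalive URL, the 5-minute interval and the 2-hour cap are assumed values, and the server is assumed to touch the session on that request.

```javascript
// Added example: bounded session keep-alive for a long-running server task.
// Assumptions (not from the original answers): the /keepalive endpoint,
// the ping interval and the maximum duration are illustrative values.
class BoundedKeepAlive {
  constructor({ ping, isTaskRunning, maxDurationMs, now = Date.now }) {
    this.ping = ping;                   // sends one request that touches the session
    this.isTaskRunning = isTaskRunning; // returns true while the task is still running
    this.maxDurationMs = maxDurationMs; // hard cap on how long the session is extended
    this.now = now;                     // injectable clock
    this.startedAt = now();
    this.stopped = false;
  }

  // Called on every timer tick.
  // Returns "pinged", "task-done", "cap-reached" or "stopped".
  tick() {
    if (this.stopped) return "stopped";
    if (!this.isTaskRunning()) return this.stop("task-done");
    if (this.now() - this.startedAt >= this.maxDurationMs) return this.stop("cap-reached");
    this.ping();
    return "pinged";
  }

  stop(reason) {
    this.stopped = true; // no further pings: the normal idle timeout applies again
    return reason;
  }
}

// Browser wiring: the interval must be shorter than the server's <session-timeout>.
function startKeepAlive(isTaskRunning, intervalMs = 5 * 60 * 1000) {
  const keepAlive = new BoundedKeepAlive({
    // same-origin sends the session cookie; no-store forces a real request
    ping: () => fetch("/keepalive", { credentials: "same-origin", cache: "no-store" })
      .catch(() => {}), // a failed ping is ignored; the next tick retries
    isTaskRunning,
    maxDurationMs: 2 * 60 * 60 * 1000,
  });
  const timer = setInterval(() => {
    if (keepAlive.tick() !== "pinged") clearInterval(timer);
  }, intervalMs);
  return keepAlive;
}
```

Because the pings stop on their own, the session-timeout in web.xml can stay at a short value instead of being raised or disabled.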


<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

You can use "-1", where the session never expires, since you do not know how much time it will take for the thread to complete.