Setting session timeout period with Spring Security 3.0

I am using Spring Security 3.0 to authenticate with an LDAP server and I cannot figure out to set my own session timeout period. I believe that the default is 30 minutes but I need to set it to longer than that


You can either set the session timeout (say 60 minutes) for all sessions in web.xml:

<session-config>
  <session-timeout>60</session-timeout>
</session-config>

or on a per-session basis using

session.setMaxInactiveInterval(60*60);

the latter you might want to do in a authorizationSuccessHandler.

<form-login authentication-success-handler-ref="authenticationSuccessHandler"/>

If you are using Spring Boot you can do so by adding the following to the application.properties file:

server.session.cookie.max-age=<your_value_in_seconds>