Setting session timeout period with Spring Security 3.0
I am using Spring Security 3.0 to authenticate with an LDAP server and I cannot figure out to set my own session timeout period. I believe that the default is 30 minutes but I need to set it to longer than that
You can either set the session timeout (say 60 minutes) for all sessions in web.xml:
<session-config>
<session-timeout>60</session-timeout>
</session-config>
or on a per-session basis using
session.setMaxInactiveInterval(60*60);
the latter you might want to do in a authorizationSuccessHandler.
<form-login authentication-success-handler-ref="authenticationSuccessHandler"/>
If you are using Spring Boot you can do so by adding the following to the application.properties file:
server.session.cookie.max-age=<your_value_in_seconds>