Link to home
Create AccountLog in
Avatar of PublicAffairs
PublicAffairsFlag for Afghanistan

asked on

Force Java session expiration

I am trying to force a java httpsession to expire after sixty minutes.  I initially thought the session-timeout parameter in web.xml would do this, but I have discovered that it only controls timeout after a period of user inactivity.  Is there a simple way to invalidate the session after a set time period?
Avatar of CaptRespect
CaptRespect

When the person logs in put a java.util.Timer in the session, have the timer call session.invalidate(); after 60 min.

something like so:

Timer timer = new Timer();

final HttpSession session = request.getSession();

long delay = TimeUnit.MILLISECONDS.convert(60, TimeUnit.SECONDS);

timer.schedule(new TimerTask {
    @Override
    public void run() {
           session.invalidate();
    }
},  delay);

Open in new window

Avatar of PublicAffairs

ASKER

This looks like what I'm trying to accomplish, but I can't get it to compile:
final HttpSession session = request.getSession();
Timer timer = new Timer();
                    timer.schedule(new TimerTask {
                           @Override
                           public void run() {
                               session.invalidate();
                           }
                    }, 180000);

I get a "( or { expected" error in the timer.schedule line,    
           "annotation type not applicable to this kind of declaration" in the @Override line



use web xml configuration file to define when you want to end session

<session-config>
<session-timeout>60</session-timeout>
</session-config>
ASKER CERTIFIED SOLUTION
Avatar of CaptRespect
CaptRespect

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Thanks for the help!