Invalidating session in spring
to 2 minutes, could explain the reason of unexpected logouts.Unfortunately, it was configured with sufficient timeout value.As for Spring MVC you can influence session management with tag inside One of the first things that I checked during investigation was session timeout configuration under this tag.Users’ claimed that they were being logged out during continuous usage of application (e.g. I was trying to reproduce those unexpected logouts on my own but it resulted in failure.First idea about possible cause of logouts led me to think that users were logged out due to exceeded idle timeout available.This property is responsible for invalidating users’ sessions if they exceed idle timeout (defined in minutes) on the website.In my case, a wrongly configured session timeout, e.g.
On the other hand, I witnessed apps that performed auto-logout (without action of a user) after some amount of idle time (e.g. That kind of mechanism was done with the help of Java Script and led to incomprehension between development team and clients.
With this property you can set maximum concurrent sessions for a user.
A sample configuration presenting the concurrency control strategy is listed below.
I would like to share with you six steps that may help in investigation of problems related to wrong session management and/or wrong infrastructure configuration for your web applications, especially Java web applications.
The steps were prepared based on the real experience with finding out the root cause of unexpected users’ logouts in my Spring MVC web application.