|[ Team LiB ]|
Recipe 11.2 Setting the Session Timeout in All Tomcat Web Applications
You can set the session timeout for all web applications by configuring Tomcat's default conf/web.xml file. If the deployment descriptor for a particular web application does not have a session-config element, then the application uses the value set in conf/web.xml as the default session timeout. The content of the session-timeout element (nested within session-config) represents the time in minutes until an inactive session expires.
Example 11-4 shows the session-config element in the default web.xml file for Tomcat 4.1.x, with the accompanying XML comment.
<!--=================== Default Session Configuration ================--> <!-- You can set the default session timeout (in minutes) for all newly--> <!-- created sessions by modifying the value below.--> <session-config> <session-timeout>30</session-timeout> </session-config>
On application deployment, Tomcat processes its default web.xml file, followed by the deployment descriptors for each web application. Your own session-config element overrides the one specified in conf/web.xml. It is usually a better idea to configure sessions for each web application individually, particularly if they are designed to be portable.
Recipe 11.1 on configuring the session timeout; Recipe 11.3 on setting the session timeout programmatically; Recipe 11.4 on checking the validity of a session; Chapter 1 on web.xml; Chapter 7 of the Servlet v2.3 and 2.4 specifications on sessions; the session-tracking sections of Java Servlet Programming by Jason Hunter (O'Reilly) and JavaServer Pages by Hans Bergsten (O'Reilly).
|[ Team LiB ]|