What is the session timeout hierarchy in JBoss EAP?

Solution Verified - Updated

Environment

  • Red JBoss Enterprise Application Platform (EAP)
    • 4.x
    • 5.x
    • 6.x

Issue

  • Where can we check for the default idle session time out parameter in the jboss configuration files ?
  • In what order does JBoss timeout sessions ?
  • How to set global Session timeout for all the web application deployed in jboss EAP 6 ?
  • Is there any way to increase the sessions time of the applications in the jboss side ?
  • Where can we setup httpsession timeout in Jboss 6.1.0 ?
  • Session timeout is not working in EAP 6.x.
  • What is the default http session timeout and how to change the default value of http session timeout in JBoss EAP 6.3?
  • Is there any rule need to follow to configure http session timeout in JBoss EAP 6?
  • How to configure Http session timeout in JBoss EAP 6?

Resolution

  • The session timeout hierarchy in JBoss EAP is (from lowest to highest precedence):

    1. org.apache.catalina.session.Manager.maxInactiveInterval (default 60 seconds)
    2. Set globally in JBossWeb's web.xml (default 30 minutes):
      • For EAP 4.x, $JBOSS_HOME/server/$PROFILE/deploy/jboss-web.deployer/conf/web.xml
      • For EAP 5.x, $JBOSS_HOME/server/$PROFILE/deployers/jbossweb.deployer/web.xml
    3. Set in the web application's web.xml: WEB-INF/web.xml
    4. Dynamically set in code by javax.servlet.http.HttpSession#setMaxInactiveInterval(int)

  • In other words, if the session timeout is set programmatically in the web application via javax.servlet.http.HttpSession#setMaxInactiveInterval(int). This takes precedence over the timeout set in the webapps web.xml, which takes precedence over configured timeout in JBossWeb's gloabl web.xml.

  • In web.xml, the configuration format is:

      <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

EAP 6
For EAP 6 up to 6.3 it is not possible to set session timeout globally because there is no global web.xml and there is no setting in the web subsystem currently.
The default Http session timeout in EAP 6 is 30 minutes and it is hard-coded at the container level.
If there is a need to set the session timeout, this should be done in the web application's web.xml.

Starting from EAP 6.4 you can modify the default session timeout by changing the default-session-timeout attribute of the web subsystem.
Setting it 15 minutes for example:

/subsystem=web:write-attribute(name=default-session-timeout,value=15)

result in xml:

        <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false" default-session-timeout="15">
...
        </subsystem>

EAP 7

See How to configure default HTTP Session Timeout on EAP 7

SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.