What would be the response code for session timeout in tomcat/other app servers?

Question

I have configured following tag in my tomcat's web.xml. I waited for more than 2 minutes but still i am able to access the session. I came to know that there will be background thread run by tomcat to verify the expired sessions. I waited for more than 15 min still it seems this background thread not running .

Can Some one please let me know what is the http response code that we get when session is timed out ? Also how do i ensure that tomcat's background thread run's frequently?

 <session-config>
        <session-timeout>2</session-timeout>
    </session-config>

Are you sure it's not a new session that is created? – herman Feb 04 '15 at 13:53 — herman, Feb 04 '15 at 13:53

score 1 · Answer 1 · answered Feb 04 '15 at 13:53

Tomcat is doing this out of the box, You don't have access to this. You won't have special http response, Tomcat is going over the session object that time out has reached and kill all objects.

In the next request to the server you will send Jsession(This is the sessionId the server is creating). The jsessionId won't find any session and you will see in the request empty session..

request.getSession(false) == null, or request.getSession(true).isNew().

This is the general explanation Hope that helps

score 0 · Answer 2 · answered Feb 04 '15 at 13:46

0

There is no specifict HTTP response code. The server will respond with a 200 OK or any other appropriate code. But your session will be empty.

answered Feb 04 '15 at 13:46

score 0 · Answer 3 · answered Feb 04 '15 at 13:59

0

It all depends on what you were using the HttpSession object for. If you were using it to hold some data indicating that a user was authenticated then it might be appropriate to respond with a 401 Unauthorized if the session has timed out.

answered Feb 04 '15 at 13:59

bhspencer

13,086
5
35
44

What would be the response code for session timeout in tomcat/other app servers?

3 Answers3