I use spring security 3.2 ver.
And my logout option have invalidate-session="false".
So i can't use session listener.
How to get auto logout time?
Do not click logout button.
And spring security have token listener or credential listener?
Asked
Active
Viewed 1,589 times
1
-
Do you see that wide buttons on the left and right bottom corners of your keyboard? – peterh Jun 19 '15 at 10:22
-
sorry i edit uppercase. – JHKWUN Jun 19 '15 at 10:32
2 Answers
0
you have add tag into spring security file
<security:session-management>
<security:concurrency-control
max-sessions="1" />
</security:session-management>
auto-log out after you have not used.
0
Correct me if I am wrong, so I can delete my answer, cant you add something like below in your web.xml :
<session-config>
<session-timeout>1440</session-timeout>
</session-config>
I am having hard time understanding your question because your grammar is very awkward. I presume you want to set some time after which the session expires, is logged out. YOu can also use something like this below for session-management :
<security:session-management session-fixation-protection="invalidateSession">
<security:concurrency-control session-registry-ref="sessionRegistry" max-sessions="1" expired-url="/login"/>
</security:session-management>
I hope this is what you are looking for.
We are Borg
- 5,117
- 17
- 102
- 225