I have a Spring Boot application which is being deployed in Google App Engine. I have a requirement to set the session timeout on a conditional basis.
I tried attaching a successHandler in the Spring Security configuration as follows:
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
            .and()
            .successHandler(successHandler());
    }
And here is the success handler:
    private AuthenticationSuccessHandler successHandler() {
        return (httpServletRequest, httpServletResponse, authentication) -> {
            httpServletRequest.getSession().setMaxInactiveInterval(10);
        };
    }
I figured out that Google App Engine uses the Jetty server (Jetty 9, actually), and it frequently keeps storing the created sessions in memcache and datastore. Somehow App Engine does not honor the session timeout set by calling
    httpServletRequest.getSession().setMaxInactiveInterval(10);
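An added example, not part of the original post: when the container's session store does not apply `setMaxInactiveInterval`, the idle limit can be enforced in application code instead. The class name `IdleTimeoutFilter` and the two session attribute names are hypothetical, and the sketch assumes the `javax.servlet` API and that session attributes persist between requests.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: enforces a per-session idle limit in application code.
public class IdleTimeoutFilter implements Filter {
    // Hypothetical attribute names, not part of any framework.
    static final String LIMIT_SECONDS = "idle.limitSeconds";
    static final String LAST_SEEN_MS = "idle.lastSeenMs";

    // True when a limit is set and the session has been idle longer than it.
    static boolean isExpired(Long lastSeenMs, Integer limitSeconds, long nowMs) {
        if (lastSeenMs == null || limitSeconds == null) return false;
        return nowMs - lastSeenMs > limitSeconds * 1000L;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        if (session != null) {
            long now = System.currentTimeMillis();
            Long lastSeen = (Long) session.getAttribute(LAST_SEEN_MS);
            Integer limit = (Integer) session.getAttribute(LIMIT_SECONDS);
            if (isExpired(lastSeen, limit, now)) {
                // Drop the server-side session and refuse the request.
                session.invalidate();
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            // Only sessions that were given a limit are tracked.
            if (limit != null) session.setAttribute(LAST_SEEN_MS, now);
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

With this approach the success handler would call `getSession().setAttribute(IdleTimeoutFilter.LIMIT_SECONDS, 10)` only for the logins that need the short limit, and the filter must run on every request to the protected paths.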