Spring Security Session Timeout working in localhost but not on the server

Question

Session Timeout is working fine in the localhost, but when I deploy it on the Linux Server, the timeout doesn't work at all.

Does anyone have an idea what's the issue here?

My configuration in the SecurityConfig is:

http.authorizeRequests()
                .antMatchers("/js/**", "/css/**", "/icons/**", "/login/**", "/error").permitAll()
                .anyRequest().hasRole("USER")
                .and()
                .formLogin().loginPage("/login").permitAll()
                .and()
                .logout().permitAll().logoutSuccessUrl("/login?logout=true").invalidateHttpSession(true).deleteCookies("JSESSIONID")
                .and()
                .sessionManagement();

with the Beans

@Bean
public SessionRegistry sessionRegistry(){
    SessionRegistry sessionRegistry = new SessionRegistryImpl();
    return sessionRegistry;
}



@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
    HttpSessionEventPublisher httpSessionEventPublisher = new HttpSessionEventPublisher();
    return httpSessionEventPublisher;
}

And inside the property file:

server.servlet.session.timeout=1m

The solution found here https://stackoverflow.com/q/54193797/15799765 The property server.servlet.session.timeout does only work on the embedded tomcat but not for the external one. For the external one you have to configure the web.xml like in the solution I linked above. — Marius Stusche, May 06 '21 at 10:32

Spring Security Session Timeout working in localhost but not on the server

0 Answers0