Authenticated Session Timeout and chatty javascript

**diegopig** · Mar 13th, 2012, 11:43 AM

Hi.

I'm using Spring MVC and Spring Security for a project and everything works fine except the authenticated session that never expires.

My guess is that, because of a "chatty" javascript that keeps GETting images from the site, the authenticated session never expires (since the application sees request coming from the authenticated user).

I tried to use filters="none" in the hope to exclude in some way the static content from the "attention" of Spring Security, but it didn't work.

Any opinion would be quite appreciated.

Thank You.
Regards,
Diego Pigozzo

**rohan123** · Mar 13th, 2012, 01:42 PM

yes or can be, session-timeout is never-expired one

**diegopig** · Mar 14th, 2012, 02:43 AM

Originally Posted by rohan123

yes or can be, session-timeout is never-expired one

I'm not sure what you mean. If you're meaning "<session-timeout>-1</session-timeout>" that's not the case, because I setted session-timeout to 5.

**diegopig** · Mar 14th, 2012, 07:40 AM

It looks like it really is a problem caused by the "chatty javascript".

Anyway I found out a workaround implementing a custom SessionManagementFilter that explicity invalidates sessions after some time has occured since last "meaningful request".

Thread: Authenticated Session Timeout and chatty javascript

Thread Tools

Display

Authenticated Session Timeout and chatty javascript

Posting Permissions