Expiration time of the user session - How does it work?

[gasparmedina]

Hi, I would like to know how the expiration time of a user works when I have this plugin associated with my tomcat.

Commonly when the tomcat handles user sessions, it is sufficient to set the expiration time in the tomcat web.xml file.

But when you have a tomcat and also a memcached to manage the sessions, where should the expiration time change so that it works?

The tests that I have done are the following:

Try changing the expiration time in the tomcat web.xml file. It did not work, the time that I put to try was 1 minute.

Should I directly change some memcached server settings? or how does it work?

Thank you,

Greetings.

[magro]

Setting session timeout in web.xml should work. The session is stored in memcached with a related expiration. Because there are optimizations that attempt to reduce the number of session updates IIRC the session is actually stored initially with twice the timeout. On session expiration in tomcat however the session is deleted in memcached.

[magro]

Can you reproduce your issue with the samples provided in https://github.com/magro/memcached-session-manager/tree/master/samples?

[gasparmedina]

thank you I'll prove it

[manangarg899]

Hi @magro I am also seeing that memcached is doubling the expiry time of any key saved by tomcat. Can you explain the reason and how I can fix it to keep the expiry time as same(not double). Also, where can I debug this.. when & where it is doubling the time?

Thanks Manan

[eschulma]

Using Redis as the backend, I am seeing that 30 minutes is the timeout -- and I would prefer it to be longer. Would welcome any guidance here. Our web.xml has it set to 90 minutes.