I am trying to understand the real purpose of session configuration in Web.xml for session timeout.

<!-- Session Configuration -->
<session-config>
        <session-timeout>60</session-timeout>
</session-config>

Now let me tell you about my question.

My application is importing/uploading a .txt file, which is bound to take more than 1 hour, since there are millions of records to be imported. But the session times out after 1 hour though my application is still importing that .txt file which is in progress. Such an application should not timeout as the application is doing some task in the background.

To set a session-timeout that never expires is not desirable because you would be reliable on the user to push the logout-button every time he's finished to prevent your server of too much load (depending on the amount of users and the hardware). Additionaly there are some security issues you might run into you would rather avoid.

The reason why the session gets invalidated while the server is still working on a task is because there is no communication between client-side (users browser) and server-side through e.g. a http-request. Therefore the server can't know about the users state, thinks he's idling and invalidates the session after the time set in your web.xml.

To get around this you have several possibilities:

• You could ping your backend while the task is running to touch the session and prevent it from being expired
• increase the <session-timeout> inside the server but I wouldn't recommend this
• run your task in a dedicated thread which touches (extends) the session while working or notifies the user when the thread has finished

There was a similar question asked, maybe you can adapt parts of this solution in your project. Have a look at this.

Hope this helps, have Fun!

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

You can use "-1" where the session never expires. Since you do not know how much time it will take for the thread to complete.

Send AJAX Http Requests to the server periodically (say once for every 60 seconds) through javascript to maintain session with the server until the file upload gets completed.

Hacky way:

You could increase the session timeout programmatically when a large up-/download is expected.

session.setMaxInactiveInterval(TWO_HOURS_IN_SECONDS)

When the process ends, you could set the timeout back to its default.

But.. when you are on Java EE, and the up-/download doesn't take a complete hour, the better way was to run the tasks asynchronous (via JMS e.g.).

<session-config>
        <session-timeout>-1</session-timeout>
</session-config>

In the above code "60" stands for the minutes. The session will expired after 60 minutes. So if you want to more time. For Example -1 that is described your session never expires.

The docs says:

The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes. If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. If this element is not specified, the container must set its default timeout period.

You can see many options as answer for your question, however you can use "-1" where the session never expires. Since you do not know how much time it will take for the thread to complete. E.g.:

   <session-config>
        <session-timeout>-1</session-timeout>
    </session-config>

Or if you don't want a timeout happening for some purpose:

<session-config>
    <session-timeout>0</session-timeout>
</session-config>

Another option could be increase the number to 1000, etc, etc, bla, bla, bla.

But if you really want to stop and you consider that is unnecessary for your application to force the user to logout, just add a logout button and the user will decide when to leave.

Here is what you can do to solve the problem if you do not need to force to logout, and in you are loading files that could take time base on server and your computer speed and the size of the file.

<!-- sets the default session timeout to 60 minutes. -->
   <!-- <session-config>
     <session-timeout>60</session-timeout>
   </session-config> -->

Just comment it or deleted that's it! Tan tararantan, tan tan!

you can declare time in two ways for this problem..

1) either give too long time that your file reading is complete in between that time.

<session-config>
    <session-timeout> 1000 </session-timeout>
</session-config>

2)declare time which is never expires your session.

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

Another option I would recommend is to create a separate application that is stateless that would take the large file. On your main app open a new window or iframe that will accept the file and send it through that window then hide the window or iframe once the upload has started using Javascript.

If you don't want a timeout happening for some purpose:

<session-config>
    <session-timeout>0</session-timeout>
</session-config>

Should result in no timeout at all -> infinite

You should consider splitting the large file to chunks and rely on multi threading capabilities to process more than one file at a time OR let the whole process run as a background task using TimerTask and write another query to know the status of it form the browser including a progress bar can be shown if you can know the process time of a file or record.

Usually the session will not expire when request processing is happening. I think there is an LB or something in between which reads the entire file and then invokes the web container.

This might be causing a delay which is leading to expiry of the session.