It looks like the session cookie is set by wicket. There's a class "org.apache.wicket.util.cookies.CookieDefaults" that sets the expiration maxAge to 30 days. I found no way to configure this (or tell wicket to use my modified implementation) so I copied the class into the webapp and set the maxAge to the required value (and that does the trick for now).
I'll try to figure out: - if it is possible to set the maxAge in Wicket runtime or by configuration - if Shiro is or can be involved in setting the cookie like in Dan's example [1] Erik ________________________________________ From: Dan Haywood [[email protected]] Sent: Thursday, July 03, 2014 11:52 AM To: users Subject: Re: configure session timeout Haven't played around with this myself, so can't advise. The Shiro mailing list might be a good place to ask. A quick google on StackOverflow also threw up [1], which might help Dan [1] http://stackoverflow.com/questions/17556787/shiro-resets-the-session-after-2-min On 2 July 2014 11:29, Erik de Hair <[email protected]> wrote: > Hi, > > How to configure the session timeout of the web app? I tried to set the > session time out in web.xml and in shiro.ini but both have no effect. The > cookie expires in a month... > > My additional shiro-config (tried to let it expire in 1 minute): > > [main] > ... > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > # 3,600,000 milliseconds = 1 hour > sessionManager.globalSessionTimeout = 60000 > securityManager.sessionManager = $sessionManager > > > Thanks, > Erik >
