Martin just replied off-line to me, saying:

Wicket's CookieDefaults is only for custom response cookies. The JSESSIONID cookie is not managed by Wicket at all. The session timeout can be managed with web.xml's session-timeout (in minutes) or via Servlet API - http://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#setMaxInactiveInterval(int) (in seconds).

HTH
Dan

On 4 July 2014 08:58, Dan Haywood <[email protected]> wrote:

> Thanks for exploring this further, Erik.
>
> I've just pinged Martin Grigorov, one of the Wicket committers, and who is
> good enough to keep a watching eye over other Apache projects (such as
> ours) that use Wicket. I'm hoping he might be able to bring in a little
> illumination into this topic.
>
> Dan
>
> On 4 July 2014 08:03, Erik de Hair <[email protected]> wrote:
>
>> It looks like the session cookie is set by wicket. There's a class
>> "org.apache.wicket.util.cookies.CookieDefaults" that sets the expiration
>> maxAge to 30 days. I found no way to configure this (or tell wicket to use
>> my modified implementation) so I copied the class into the webapp and set
>> the maxAge to the required value (and that does the trick for now).
>>
>> I'll try to figure out:
>> - if it is possible to set the maxAge in Wicket runtime or by
>>   configuration
>> - if Shiro is or can be involved in setting the cookie like in Dan's
>>   example [1]
>>
>> Erik
>> ________________________________________
>> From: Dan Haywood [[email protected]]
>> Sent: Thursday, July 03, 2014 11:52 AM
>> To: users
>> Subject: Re: configure session timeout
>>
>> Haven't played around with this myself, so can't advise.
>>
>> The Shiro mailing list might be a good place to ask. A quick google on
>> StackOverflow also threw up [1], which might help
>>
>> Dan
>>
>> [1]
>> http://stackoverflow.com/questions/17556787/shiro-resets-the-session-after-2-min
>>
>> On 2 July 2014 11:29, Erik de Hair <[email protected]> wrote:
>>
>> > Hi,
>> >
>> > How to configure the session timeout of the web app? I tried to set the
>> > session time out in web.xml and in shiro.ini but both have no effect. The
>> > cookie expires in a month...
>> >
>> > My additional shiro-config (tried to let it expire in 1 minute):
>> >
>> > [main]
>> > ...
>> > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>> > # 3,600,000 milliseconds = 1 hour
>> > sessionManager.globalSessionTimeout = 60000
>> > securityManager.sessionManager = $sessionManager
>> >
>> >
>> > Thanks,
>> > Erik
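
The Servlet API route mentioned at the top of this message, as an added example that is not part of the thread or of any project named in it: a listener that applies an idle timeout in seconds to every new container-managed session. The class name, the `sessionIdleSeconds` context-param and the default and maximum values are assumptions made for the example.

```java
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example (hypothetical class). Register it in web.xml with
//   <listener><listener-class>SessionIdleTimeoutListener</listener-class></listener>
// This is server-side idle expiry of the HttpSession; it does not change the
// Max-Age of any cookie the browser holds.
public class SessionIdleTimeoutListener implements HttpSessionListener {

    static final String PARAM = "sessionIdleSeconds";  // hypothetical context-param name
    static final int DEFAULT_SECONDS = 15 * 60;         // assumed default: 15 minutes
    static final int MAX_SECONDS = 8 * 60 * 60;         // assumed upper bound: 8 hours

    // Units differ per mechanism: web.xml session-timeout is in minutes,
    // setMaxInactiveInterval is in seconds, Shiro's globalSessionTimeout is in
    // milliseconds. This method works in seconds only.
    static int effectiveTimeoutSeconds(String configured) {
        if (configured == null) {
            return DEFAULT_SECONDS;
        }
        try {
            int seconds = Integer.parseInt(configured.trim());
            // A negative interval means "never time out"; refuse it (and zero)
            // so a typo cannot silently disable idle expiry.
            if (seconds <= 0) {
                return DEFAULT_SECONDS;
            }
            return Math.min(seconds, MAX_SECONDS);
        } catch (NumberFormatException e) {
            return DEFAULT_SECONDS;
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        ServletContext ctx = session.getServletContext();
        int seconds = effectiveTimeoutSeconds(ctx.getInitParameter(PARAM));
        session.setMaxInactiveInterval(seconds);
        // Log the effective value, never the session id.
        ctx.log("Session idle timeout set to " + seconds + " s");
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        event.getSession().getServletContext().log("Session ended (timeout or invalidate)");
    }
}
```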
