Course – LS (cat=REST)

Get started with Spring and Spring Boot, through the reference Learn Spring course:


1. Overview

This tutorial will show how to set up session timeout in a Servlet based web application.

2. Global Session Timeout in the web.xml

The timeout of all Http Sessions can be configured in the web.xml of the web application:

<?xml version="1.0" encoding="UTF-8"?>
<web-app ...>



Note that the value of the timeout is set in minutes, not in seconds.

An interesting sidenode is that, in a Servlet 3.0 environment where annotations may be used instead of the XML deployment descriptor, there is no way to programmatically set the global session timeout. Programmatic configuration for session timeout does have an open issue on the Servlet Spec JIRA – but the issue has not yet been scheduled.

3. Programmatic Timeout per Individual Session

The timeout of the current session only can be specified programmatically via the API of the javax.servlet.http.HttpSession:

HttpSession session = request.getSession();

As opposed to the <session-timeout> element which had a value in minutes, the setMaxInactiveInterval method accepts a value in seconds.

4. Tomcat Session Timeout

All Tomcat servers provide a default web.xml file that can be configured globally for the entire web server – this is located in:


This default deployment descriptor does configure a <session-timeout> with to a value of 30 minutes.

Individual deployed applications, providing their own timeout values in their own web.xml descriptors will have priority over and will override this global web.xml configuration.

Note that the same is possible in Jetty as well: the file is located in:


5. Conclusion

This tutorial discussed the practical aspects of how to configure the timeout of the HTTP Session in a Servlet Java application. We also illustrated how this can be set at the web server level, both in Tomcat as well as in Jetty.

The implementation of these examples can be found in the github project – this is an Eclipse based project, so it should be easy to import and run as it is.

When the project runs locally, the homepage html can be accessed at:

Course – LS (cat=REST)

Get started with Spring and Spring Boot, through the Learn Spring course :

res – REST (eBook) (cat=REST)
Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.