I have below requirement:
1. Expire user session after 15 min
2. When user resumes, a new session should be created and for end user application should work like session was never expire. Means, he should be allowed to resume to work from same state where he was in application without any errors.
For 1st thing, I have set session timeout in web.xml. For second part, I would like to know this can be handled. Any pointers are highly appreciated.
By resuming the session, you want to authenticate the user again and create the session. If this is the case, how do you think, the user shouldn't know that another session is being created.
Another question, you invalidate the session after 15mins, when you invalidate, the attributes associated with the session will be lost, how do you plan to retain them