I have a problem in session management. I want to automatically logout the user when session expires. Used HttpSessionBindingListener for this purpose and set the session expiry value in the web.xml of my application.
Now the problem is that the session expiry behaviour is not consistent at all. I have set the time out of 3 minutes. But it didnt expired even waiting for more than 15 mins. BUT sometimes it suddenly works and session expires. Please help me in this strange behaviour.
The session timeout is not guarenteed to happen at the specified time. It only guarantees the session timout doesn't happen before the specfied timeout. Typically this is all you need. If that behviour is not sufficient store the last access time in the session and check/update this timestamp on every request (ServletFilter).