Problem statement:
==================
XYZ is a web-based system, and each user of the system belongs to a department. There are two
departments: finance and personal. The requirement is that users who belong to the finance
department get a session timeout of 10 minutes, and all other users get a session timeout of 30 minutes.
Possible Approach:
==================
1. Set the default session timeout to 30 minutes using
   <session-timeout></session-timeout>.
2. After successful user authentication, check the user's department.
   If the department is finance Then
       use the HttpSession.setMaxInactiveInterval() API to override the
       30-minute session timeout with 10 minutes. This timeout applies only
       to that user's session, not to other users and their session timeouts.
   End If
Hope this example helps you get a clear understanding of the difference between the use of
<session-timeout></session-timeout> and HttpSession.setMaxInactiveInterval().
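
The two steps above as an added Java sketch; it is not code from the original page. It assumes the javax.servlet API (Servlet 3.1 or later), and the class name, method name and the "finance" department string are hypothetical. Note the unit difference: <session-timeout> is given in minutes, while HttpSession.setMaxInactiveInterval() takes seconds.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.Locale;
import java.util.concurrent.TimeUnit;

/**
 * Added example. Assumes this container-wide default in web.xml:
 *
 *   <session-config>
 *     <session-timeout>30</session-timeout>   <!-- unit: MINUTES -->
 *   </session-config>
 */
public final class DepartmentSessionTimeout {

    // Hypothetical department name as stored for the user.
    private static final String FINANCE = "finance";

    // setMaxInactiveInterval() takes SECONDS, unlike <session-timeout>.
    private static final int FINANCE_TIMEOUT_SECONDS =
            (int) TimeUnit.MINUTES.toSeconds(10);   // 600

    private DepartmentSessionTimeout() { }

    /**
     * Call once, immediately after the user has been authenticated.
     * Returns the inactivity timeout (in seconds) now in force for this session.
     */
    public static int applyAfterLogin(HttpServletRequest request, String department) {
        HttpSession session = request.getSession(true);

        // Rotate the session id at login so a pre-login id is not carried over.
        request.changeSessionId();

        if (department != null
                && FINANCE.equals(department.trim().toLowerCase(Locale.ROOT))) {
            // Overrides the web.xml default for THIS session only;
            // sessions of other users are not affected.
            session.setMaxInactiveInterval(FINANCE_TIMEOUT_SECONDS);
        }

        // Every other department keeps the 30-minute default from web.xml.
        return session.getMaxInactiveInterval();
    }
}
```

Passing 10 instead of 600 to setMaxInactiveInterval() would expire finance sessions after ten seconds of inactivity, which is the usual mistake when mixing the two settings.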