Hello,
I’m trying to understand the relationship between session timeouts and heartbeats in Vaadin 7.7.9:
One of our clients has a requirement that user sessions timeout after twenty minutes (within a few minutes of this is good enough):
We have set the session timeout property in web.xml as follows:
<session-config>
<session-timeout>20</session-timeout>
</session-config>
And the following in application.properties:
vaadin.servlet.closeIdleSessions=true
And we’ve played around with several settings for:
vaadin.servlet.heartbeatInterval
It seems that the session won’t time out until the first heartbeat after the time set in the web.xml session-timeout setting has been received.
I hope this example explains what I mean:
Web.xml
<session-config>
<session-timeout>20</session-timeout>
</session-config>
Application.properties
vaadin.servlet.closeIdleSessions=true
vaadin.servlet.heartbeatInterval = 600
Scenario 1:
- 13:00 - User activity stops
- 13:11 - Heartbeat received (next heartbeat will be at 13:21)
- 13:20 - Session should timeout
- Session can be extended by any activity in the one minute gap before the next heartbeat is received at 13:21
- 13:21 - Heartbeat received
- User experience is that any activity after 13:21 (or the next heartbeat at 13:31) will result in a session timeout – session timeout seems to be around twenty minutes
Scenario 2:
- 13:00 - User activity stops
- 13:19 - Heartbeat received (next heartbeat will be at 13:29)
- 13:20 - Session should timeout
- Session can be extended by any activity in the nine minute gap before the next heartbeat is received at 13:29
- 13:29 - Heartbeat received
- User experience is that any activity after 13:29 (or the next heartbeat at 13:39) will result in a session timeout - session timeout seems to be around thirty minutes
Is this correct ?
If we want the session to time out fairly close to the value of <session-timeout> do we need to set a short heartbeat interval (maybe 30 seconds) ?
Thanks in advance for any help.