Introduction to tomcat timeout
When there are long idle sessions where nothing is happening, the tomcat webserver raises the session timeout after a certain period, leading to the closing of the session waiting time. The configuration of this timeout parameter is specified in the web.xml file present inside the tomcat installation home path. We can change the value by changing the attribute’s value in web.xml. One of the tricky things is to find the reason behind the timeout error, which we will try to understand in this session.
In this article, we will individually discuss the things of tomcat timeout and timeout error.
What is tomcat timeout?
Tomcat timeout is the configuration setting specified in web.xml, which helps determine the maximum time the server should wait in a particular idle session with none of the process happening inside it. It is always a good practice to close this session for the benefits of maintaining security over the session and also the management of memory. After this idle time, the tomcat webserver raises a session timeout error, and the person is navigated out of the session.
tomcat timeout configure session
The configuration of the session timeout attribute can be found in the web.xml file of the tomcat server. This file can be located inside the home directory of tomcat installation and the conf folder. Usually, in windows, the file is present in the C drive’s Program Files/ Apache Software Foundation/ Tomcat (version installed)/ conf folder. In the Linux platform, the file can be found inside the /opt/ tomcat (version installed), inside which you will find the conf folder inside which the web.xml file will be there.
The default value of session-timeout set for Apache Tomcat Web /server is 30 minutes specified between the starting and ending element of <session-timeout > element inside the web.xml file.
tomcat timeout configures session error
Usually, when our application takes a long time to retrieve the response and the browser does get the response from the webserver in a stipulated time of the session time out, then an error named session timeout is thrown on the user’s side, and the user is navigated back to the login page as can be seen from the below screenshot –
Usually, when your request to bring certain data or perform certain manipulation may take a long time due to huge data or improper management in coding the feature, the best solution is to increase the session timeout value set in the tomcat configurations. Hence, avoiding the session timeout error when your feature will take a long time to become successful can be done by manipulating the session timeout value of the tomcat web server’s configurations.
Changing the existing or default value of session timeout is easy and can be understood from the below point.
We change the session timeout value.
The default value set for the tomcat session timeout is 30 minutes, meaning that the application will wait for a minimum of 30 minutes to get the response to its request, and if the response doesn’t come, the session is considered timed out, and it is closed. We can change the default value of tomcat session timeout simply by editing a configuration file named web.xml in which the element with tag <session-timeout> needs to be searched and modified. The tag will, by default, be as shown below –
<session-timeout> 30 </session-timeout>
You can set any desired value between the starting and ending tag of session-timeout in web.xml and then save the file. Note that the value should be mentioned considering the unit as minutes. After saving your changes to reflect the configurations, you need to restart the Apache Tomcat web server. You can find the web.xml file of configurations in the path <Catalina tomcat installation home>/conf, where the Catalina tomcat installation home is the directory where you have installed your Apache Tomcat in the system.
It is always suggested to take the backup of the existing web.xml file before you make any changes to it. This is just in case the configurations you set or modify in the file do not work out as expected; then, you can revert the file to the previously provided if you have a backup.
We can also set the unlimited timeout configuration for the session or mean no timeout of sessions in tomcat by changing the value mentioned in the session-timeout element of web.xml to -1. Though doing so is not suggested, your session details may then get accessible by the attacker, which will lead to leakage of information about your credentials and related applications. Hence, for security reasons, never set the value to unlimited timeout.
tomcat timeout examples
Let us first understand the need to change the timeout value of tomcat using an example. If the specified timeout value is over, the session is closed, and the user is again brought back to the login page to initiate a new session, as shown in the below screen –
The default value set as timeout may result in a problem in some scenarios when a request from your application takes the time to return a response greater than the set timeout value. Unfortunately, this results in the user being unable to use that functionality. However, we can overcome this problem simply by changing the value of the timeout set inside the configuration file of the tomcat web server.
First, open the web.xml file and search for the session-timeout element. It looks by default as shown here –
If I know that my request will take 45 minutes to serve. With a safer value considering the worst-case scenarios of the network, let’s set the value to 50 minutes inside the web.xml as shown below –
After doing so, my feature will work properly and perform the necessary task without exiting the session.
Tomcat timeout or session timeout is the value for which a particular session on the browser side waits until it gets the response from the server. We can manipulate this value from configurations.
This is a guide to tomcat timeout. Here we discuss each of the things of tomcat timeout and timeout error individually. You may also have a look at the following articles to learn more –