Session Timeout is not working Spring Boot?

Question

I have set the following property

server.servlet.session.timeout=30s

in my application properties but the session time out is not triggerd. but after setting

server.servlet.session.cookie.max-age=30s

the session time out got trigger but following code for updating logout time is not getting triggerd.

 @Component
    public class LogoutListener implements ApplicationListener<SessionDestroyedEvent> {
     
   @Override
        public void onApplicationEvent(SessionDestroyedEvent event)
        {
            List<SecurityContext> lstSecurityContext = event.getSecurityContexts();
            UserDetails ud;
            for (SecurityContext securityContext : lstSecurityContext)
            {
                ud = (UserDetails) securityContext.getAuthentication().getPrincipal();
        
                us.findAllUsersByEmail(ud.getUsername()).get(0).setLastLogout(LocalDateTime.now());
                System.out.println("lastloginspec : " + ud.getUsername() + " : 00 : " + LocalDateTime.now());
            }
        }
        
        }
    
    
    @Bean
        public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
            return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
    }

Could any one Help me out ?

Answer 1

I have implemented the session listener by following way.

1. Create a custom http session listener.

   @Component
   public class CustomHttpSessionListener implements HttpSessionListener{
   
   private static final Logger LOG= LoggerFactory.getLogger(Test.class);
   
    @Override
    public void sessionCreated(HttpSessionEvent se) {
        LOG.info("New session is created.");
        UserPrincipal principal = (UserPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
   
    }
   
    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        LOG.info("Session destroyed.");
        UserPrincipal principal = (UserPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
   
   
    }}
   

2. Invoke new ServletListenerRegistrationBean and add CustomHttpListener to it and annotate it as @Bean.

   @Autowired private CustomHttpSessionListener customHttpSessionListener;
   
   @Bean 
   public ServletListenerRegistrationBean<CustomSessionListner>sessionListenerWithMetrics() {  ServletListenerRegistrationBean<CustomSessionListner>
        listenerRegBean = new ServletListenerRegistrationBean<>();
        listenerRegBean.setListener(customHttpSessionListener);
        return listenerRegBean;
   }
   

3. Adding a property to application.properties

   server.servlet.session.timeout = 15m