Timeout errors are troublesome, isn’t it?

Apache Tomcat session timeout mainly occurs due to longer idle sessions. But, finding the real reason for the timeout error can be tricky.

At Bobcares, we receive many requests to fix the Apache Tomcat session timeout error as part of our Server Management Services.

Today let’s have a deep look at this error and how our Support Engineers fix it for the customers.

What is the Apache Tomcat session timeout error?

Recently, one of our customers approached us with a session time out error.

He had web applications running under Apache Tomcat Webserver. He left his application idle for about 30 minutes.

After that, when he tried to access the page, he got the following error,

This occurred due to the idle session timeout error of an application server.

Usually, the default session timeout in the Apache Tomcat application server is 30 minutes. Unless it is set as per the application requirement, it can result in website errors.

How we change the session timeout value?

Now let’s check how our Support Engineers change the session timeout setting for an Apache Tomcat application server.

To modify the default session timeout value on an Apache Tomcat server,

1. Firstly, we open the web.xml file within the Tomcat installation directory. For security reasons, we always make a backup copy of this file.

Usually, in Windows, web.xml file appears under the path c:\Program Files\Apache Software Foundation\Tomcat x.0\conf.

Similarly, in Linux, we can edit this file from /opt/tomcat/conf/web.xml.

2. After that, we edit the following segment of code in the web.xml file,

<session-config>
<session-timeout>30</session-timeout>
</session-config>

3. Next, we change the timeout setting to the desired value. It is important to note that the value of timeout is set in minutes.

4. Finally, we save the file and restart the Tomcat server.

Similarly, we can set up an unlimited session timeout or no timeout in Tomcat. We can do this by setting the number in the session timeout tag to -1.

But, we do not recommend this due to security reasons. An attacker can steal and use the existing user session during this session timeout.

Therefore, setting the session timeout value to a minimum is the best practice.

[Need help to change the Tomcat session timeout value?- We’re available 24/7.]

Conclusion

In short, the login screen appears frequently due to the idle session timeout of the Application Server. Today, we saw how our Support Engineers fix the Apache Tomcat session timeout error for our customers.