We want to implement session timeout for 10m in our play web application. But I have no idea on how to do this. I followed play 2.2.x documentation and some other web sites's like below mentioned. But it doesn't works for me, how do I do this?
Secured.java:
@Override
public String getUsername(Http.Context ctx) {
// see if user is logged in
if (session("userId") == null)
return null;
// see if the session is expired
String previousTick = session("userTime");
if (previousTick != null && !previousTick.equals("")) {
long previousT = Long.valueOf(previousTick);
long currentT = new Date().getTime();
long timeout = Long.valueOf(Play.application().configuration().getString("sessionTimeout")) * 1000 * 60;
if ((currentT - previousT) > timeout) {
// session expired
session().clear();
return null;
}
}
// update time in session
String tickString = Long.toString(new Date().getTime());
session("userTime", tickString);
return User.findById(Long.parseLong(session("userId"))).getUsername();
}
application.conf :
sessionTimeout=10
Finally, I figure out above issue. @Security.Authenticated(Secured.class) in controller class was missed.