Maintaining session timeout globally in java spring configuration

Posted on


Below is my code to maintain a session timeout globally in Java spring configuration and to load the session timeout value from a properties file. Do you have any suggestions to improve my code?

public class MySessionListener implements HttpSessionListener {
        public void sessionCreated(HttpSessionEvent event) {
            try {
                ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
                InputStream stream = classLoader.getResourceAsStream("");
                Properties properties = new Properties();
                String sessionTimeout = properties.getProperty("cookieName", "No Value Found");
            } catch (IOException e) {

        public void sessionDestroyed(HttpSessionEvent event) {




Quite a number of points for this short piece of code:

  • As the properties file will probably not change at runtime, loading it every single time a session gets created is a total waste. See whether you can cache the session timeout in a static variable.
  • If the value is not set, the default “no value found” will lead to a number format exception. Better use a sensible parseable default.
  • Similar context: by setting the value to a non-parseable string, you can kill the server with a misconfiguration.
  • “sessionTimeout” should not be named “cookieName”
  • Separation of concerns: a method should do one thing. This is a mixup of reading the program configuration and using the determined value to set the timeout.
  • Error handling: printStackTrace does not accomplish anything. Do something real (e.g. log an error for the server admin, shutdown, whatever.) If you decide to continue the process in case of an I/O exception, set a sensible default on the session.

Leave a Reply

Your email address will not be published. Required fields are marked *