8.1 Tuning Session Timeouts

Web applications keep per-user state in a session. An example is an Internet shopping cart: the content of the cart is stored in the session, and the session ID carried by the browser ties each request back to it. To prevent the number of sessions from growing without bound, a session is destroyed after a certain period of inactivity from the user. This period is the session timeout. When a session times out, all of the data stored in the session is gone, and a request that still presents the old session ID is treated as a new, unauthenticated user.

If the session timeout is set too long, a user who forgets to log out leaves the session open for the next person who comes to the same computer. Because the timeout counts inactivity, that session stays valid for the full timeout period after the user's last request. Reducing the session timeout shrinks that window and so reduces the chance of two users sharing one session. It does not replace an explicit logout: the application should still invalidate the session when the user logs out rather than waiting for it to expire.

To reduce a session timeout:

  1. Locate the following section in the tomcat_home/conf/web.xml file:

    <session-config>
       <session-timeout>30</session-timeout>
    </session-config>
    
  2. Specify the desired timeout value.

    The timeout value is specified in minutes and is measured from the user's last request. A value of 0 or less means sessions never expire, so never use it as a way to "simplify" the setting.

  3. Save the file, then restart Tomcat to have the change take effect.

    This file supplies the default for every web application deployed on the server. An application whose own WEB-INF/web.xml contains a <session-config> element keeps that value instead, so check the deployed applications as well when lowering the global setting.
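The following script is an added example, not part of the original page or of Tomcat itself. It audits the setting described in the procedure above: it reads the <session-timeout> value from the global conf/web.xml and from each application's WEB-INF/web.xml, works out the timeout each application actually gets, and flags the two things a reviewer cares about, a value of 0 or less (sessions never expire) and a value above a chosen policy maximum. It assumes that an application's own web.xml overrides the global file, that 30 minutes is the fallback when neither file sets a value, and that the sample XML documents and application names are constructed for the example.

```python
"""Audit Tomcat session-timeout settings (added example, not Tomcat code).

Assumptions: an application's WEB-INF/web.xml overrides conf/web.xml,
a value of 0 or less disables expiry, and 30 minutes is the fallback
when neither file sets a value. The XML below is constructed sample data.
"""
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple

TOMCAT_DEFAULT_MINUTES = 30   # value shipped in tomcat_home/conf/web.xml
POLICY_MAX_MINUTES = 15       # hypothetical site policy for this example


def _local(tag: str) -> str:
    """Strip the XML namespace: '{http://...}session-config' -> 'session-config'."""
    return tag.rsplit("}", 1)[-1]


def read_session_timeout(web_xml_text: str) -> Optional[int]:
    """Return the <session-timeout> value in minutes, or None if the file has none.

    web.xml declares a default namespace, so tags are compared by local name.
    """
    root = ET.fromstring(web_xml_text)
    for cfg in root:
        if _local(cfg.tag) != "session-config":
            continue
        for child in cfg:
            if _local(child.tag) == "session-timeout" and child.text and child.text.strip():
                return int(child.text.strip())
    return None


def effective_timeout(global_xml: str, app_xml: Optional[str]) -> int:
    """Timeout an application actually gets: its own value, else global, else default."""
    app_value = read_session_timeout(app_xml) if app_xml is not None else None
    if app_value is not None:
        return app_value
    global_value = read_session_timeout(global_xml)
    return global_value if global_value is not None else TOMCAT_DEFAULT_MINUTES


def assess(minutes: int, max_minutes: int = POLICY_MAX_MINUTES) -> str:
    """Verdict for one effective timeout value."""
    if minutes <= 0:
        return "FAIL: sessions never expire (value <= 0 disables the timeout)"
    if minutes > max_minutes:
        return f"WARN: {minutes} min exceeds policy maximum of {max_minutes} min"
    return "OK"


def audit(global_xml: str, apps: Dict[str, Optional[str]]) -> Dict[str, Tuple[int, str]]:
    """Map application name -> (effective timeout in minutes, verdict)."""
    return {name: (m, assess(m)) for name, m in
            ((n, effective_timeout(global_xml, x)) for n, x in apps.items())}


# Constructed sample files (not real deployments).
GLOBAL_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>"""

APP_SHOP_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <session-config>
    <session-timeout>10</session-timeout>
  </session-config>
</web-app>"""

# The failure mode: someone "fixed" timeouts by disabling them.
APP_ADMIN_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <session-config>
    <session-timeout>0</session-timeout>
  </session-config>
</web-app>"""

# No <session-config>: inherits whatever conf/web.xml says.
APP_NO_CONFIG_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <display-name>legacy</display-name>
</web-app>"""

SAMPLE_APPS = {"shop": APP_SHOP_XML, "admin": APP_ADMIN_XML, "legacy": APP_NO_CONFIG_XML}

if __name__ == "__main__":
    for name, (minutes, verdict) in audit(GLOBAL_WEB_XML, SAMPLE_APPS).items():
        print(f"{name:8s} {minutes:4d} min  {verdict}")
```

On a real server, read tomcat_home/conf/web.xml and each webapps/<app>/WEB-INF/web.xml into the same functions; the report shows that lowering the global value alone leaves an application such as the "admin" sample above with sessions that never expire.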