java - The default expiration time of a session is 30 minutes. Does it mean 30 minutes from the creation of the session, or 30 minutes from the last time the session was accessed?

Question

What about that one? have no idea

Answer 1

After the last visit, it will become invalid if not visited for 30 minutes.

If it is the first situation, then the user will lose the login status while using it and have to log in again. This experience is too bad.

Answer 2

Session created for 30 minutes means it will expire if the user does not operate it for more than 30 minutes. It will expire if the user does not have any interaction with the server. It will not expire if the user has been operating. That is, the time since the last access to the session.

Answer 3

The principles of sessions in different languages ​​​​should be similar.
Take PHP as an example, the main thing is to distinguish 会话cookie的过期时间和会话文件的过期时间:
1. The expiration time of the session cookie (session.cookie_lifetime), 0 means that the session cookie will expire when the browser is closed.
2 .The reference point of the expiration time of the session file (session.gc_maxlifetime) is the last update time of the session file (update_time), not the creation time (create_time).