Description

The session-timeout configuration element from WEB-INF/web.xml defines the default session timeout interval for all sessions created in this web application.

The current configuration specified a session timeout value greater than 30 minutes.

Remediation

Decrease the value for session-timeout in WEB-INF/web.xml like in this example:


30

References

Related Vulnerabilities