Overly long session timeout in servlet configuration
Description
The session-timeout configuration element from WEB-INF/web.xml defines the default session timeout interval for all sessions created in this web application.
The current configuration specified a session timeout value greater than 30 minutes.
Remediation
Decrease the value for <strong>session-timeout</strong> in WEB-INF/web.xml like in this example: <pre> <session-config> <session-timeout>30</session-timeout> </session-config> </pre>