Spring Boot Misconfiguration: Overly long session timeout
Description
The server.servlet.session.timeout configuration item from the Spring properties file defines the default session timeout interval for all sessions created in this web application.
The current configuration specifies a session timeout value greater than 30 minutes.
Remediation
Decrease the value of server.servlet.session.timeout in the Spring properties file, as in this example. Spring Boot reads a value without a unit suffix as seconds, so the unit is stated explicitly:

    server.servlet.session.timeout=30m
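To check a properties file against the 30-minute threshold, the following added example (not part of the original advisory or of any scanner's code) parses server.servlet.session.timeout and classifies it. It goes beyond the single value shown above by handling the duration formats Spring Boot accepts (bare seconds, unit suffixes, ISO-8601); the function names and status strings are assumptions made for illustration.

```python
import re

KEY = "server.servlet.session.timeout"
LIMIT_SECONDS = 30 * 60  # the 30-minute threshold named in the advisory
# Spring Boot "simple" duration suffixes, expressed in seconds.
UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600, "d": 86400}
SIMPLE = re.compile(r"^([+-]?\d+)(ns|us|ms|s|m|h|d)?$", re.I)
ISO = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$", re.I)

def to_seconds(value):
    """Convert a Spring Boot duration string to seconds, or None if unparseable."""
    value = value.strip()
    m = SIMPLE.match(value)
    if m:
        # A bare number is read as seconds for this property.
        return int(m.group(1)) * UNITS[(m.group(2) or "s").lower()]
    m = ISO.match(value)
    if m and any(m.groups()):
        days, hours, minutes, secs = (float(g) if g else 0.0 for g in m.groups())
        return days * 86400 + hours * 3600 + minutes * 60 + secs
    return None

def check_session_timeout(properties_text):
    """Return (status, seconds) for the last definition of KEY in the text."""
    raw = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m and m.group(1) == KEY:
            raw = m.group(2)  # later duplicates override earlier ones
    if raw is None:
        return ("missing", None)
    seconds = to_seconds(raw)
    if seconds is None:
        return ("invalid", None)
    if seconds <= 0:
        return ("no_expiry", seconds)  # servlet containers never expire such sessions
    return ("too_long" if seconds > LIMIT_SECONDS else "ok", seconds)

if __name__ == "__main__":
    # Constructed sample file contents, not taken from a real application.
    for sample in ("server.servlet.session.timeout=30m",
                   "server.servlet.session.timeout=3600",
                   "server.port=8080\nserver.servlet.session.timeout: PT8H"):
        print(check_session_timeout(sample))
```

The parser covers `key=value` and `key: value` lines only; profile-specific files and YAML configuration need to be checked separately.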