By default, most containers use 30 minutes by default, which you can configure using <session-config> in your web.xml web application.
<session-config> <session-timeout>10</session-timeout> </session-config>
The above example will change the server-side session time by 10 minutes. In other words, when the client does not interact with the server for more than 10 minutes (although the browser remains open for so long), the session expires on the server side. Any next request will create a new session.
See also: