In general you can not. Once the session is created, it gets always updated (lastAccessTime) when a request comes in.
You would have to implement this feature on your own. I did it couple of times, it's not that hard.
The idea is, you update the session.lastAccessMillis with the System.currentTimeMillis()
inside a Grails before-Filter
. The update should happen only for non-XHR requests. Then, you also check, if such a request came not too late, otherwise invalidate the session.
Something like
class SessionTimeoutFilters {
def filters = {
all( uri:'/**' ){
before = {
if( request.xhr ) return
long now = System.currentTimeMillis()
if( !session.lastAccessMillis || TIMEOUT < now - session.lastAccessMillis )
session.lastAccessMillis = now
else
session.invalidate()
}
}
}
}
}