Is it possible to give different session timeouts for different groups of users?

Vinay Salehithal

The session timeout set in the web.xml is common for all sessions in the application. But you can override that for a "particluar" session, by using the
HttpSession.setMaxInactiveInterval(int secs)
on your session instance.

So, for your requirement, you can check that if a particular user belongs to the John-Q group, change his session timeout using the above method or else the default session timeout of 30 min remains.