Global inactivity vs appl. session timeout

Similar Messages

• Global inactivity timeout

  how can i set the global inactivity timeout for different domains because our clients are located in different domains
  thanks
  mish

  ".com"

• ITS session timeout

  I have a problem when someone closes out of a ITS session in the web browsers by using the “X” in the upper right hand corner of the browser there is an SAP session left hanging out there. If you go into transaction AL08 the session stays out there for hours. How do I get the session to timeout? Is this an SAP setting or an IIS web server setting?

  Hi Chris,
  in ITS 6.20 you can set this by using service parameters (AKA ~ Parameters). These values are set in <itsroot>/6.20/<Instancename>/services folder. Either in global.srvc for all services or in <servicename>.srvc for one specific service.
  ~timeout => time (in minutes) of inactivity till the session is deleted
  not to mix up with
  ~usertimeout => time (in hours) till the log on cookie expires
  HTH
  Ralph

• How to deal with session timeouts?

  How to deal with session timeouts?
  With our current configuration of using single signon, when the web session times out (currently 20 minutes of inactivity), the user loses anything they have entered on a service form.  The use case is that a user starts filling out a form and gets interrupted, goes to lunch, etc, returns and spends time filling out the form (in the mean time the web session has timed out).  When they try to submit the service they get re-logged in through SSO and they have lost all of their entries in the service.   This creates some very unhappy users.
  I'd like to know how long other customers set their web session timeouts to and if anyone has come up with ways of handling this situation - either through somehow re-establishing the session or through warnings to the user about how long they have to complete a form.

  Hi,
  The timeout period for HTTP sessions that are created in the corresponding Web application. After being inactive for the specified timeout, the HTTP sessions expire. The period is specified in minutes:
  <!ELEMENT session-timeout (#PCDATA)>
  You can only change the session timeout property in the applicationu2019s own deployment descriptors. This is not possible for the Global Web Descriptor.
  following may help you:
  [Additional Configuration Settings |http://help.sap.com/saphelp_erp2005vp/helpdata/en/a9/7a9602ad094b82a293f06d1cbe2c14/frameset.htm]
  Regards,
  Sahidur

• Session Timeout Thoughts

  I saw a post from awhile ago that you can't change the session timeout in iTunes U. Is this still true?
  Our users are having timeout issues and we have an unfortunately lengthy login process to get back into iTunes U so I had some thoughts on the Site Login URL.
  We use a portal to authenticate our users who then click an SSO link to take them to a jump page that assembles their credentials and generates an SSO link into iTunes U. I'd really like to avoid having to go back through the portal to get users back into iTunes.
  What if, instead of passing just the destination back to the site login URL, iTunes U passed a full SSO link. This way, I can just point my site login URL to the jump page. The jump page can then parse the SSO link to verify the user's credentials and just create a new SSO link right back into iTunes U, almost transparently to the users.
  Are there any better options to solve this problem? I know this would require some modification on the iTunes U side, but it seems like it'd solve some problems.
  Thanks
  Jason

  Hi Jason,
  I don't think I did a good job at explaining what I'm trying to get at. Sorry, let me try another way.
  The problem is not one of security necessarily. If you get a signature back from Apple, sure, your jump site can verify that Apple sent you warnings about sessions that are about to timeout. The problem is that Apple cannot distinguish our local users from the identity and credentials we send. It might seem that way in specific instances (because some sites have an elaborate identity/credentialling scheme), but it is not true in the general case. It is entirely possible that scores of people can share exactly the same identity/credential info ... that is totally legal in the iTunes U world (and why I urge people not to think of "users" and "accounts" whenever they think iTunes U). For example, lessay I have a site that has a very simple credentialling scheme, say ...
  Administrator@urn:mace:itunesu.com:sites:uic.edu
  Instructor@urn:mace:itunesu.com:sites:uic.edu
  Student@urn:mace:itunesu.com:sites:uic.edu
  Authenticated@urn:mace:itunesu.com:sites:uic.edu
  Unauthenticated@urn:mace:itunesu.com:sites:uic.edu
  All@urn:mace:itunesu.com:sites:uic.edu
  Further, let's say that I "anonymize" my users by sending no identity info to Apple. So if Apple sends my jump site the following:
  credentials=Student@urn:mace:itunesu.com:sites:uic.edu
  identity=
  time=123456789
  signature=stringwith_bunch_ofhex
  which one of my local users does that belong to? ... whose session should I recredential? Sure, you can make a complex credentialling scheme that narrows usage down to the specific person ... but I would urge you to think of credentials as a kind of "hall pass" ... a token that lets you into a specific place within iTunes U ... and not as a way to identify someone. Remember that Apple has to use a system that applies in the general case and what I have above is totally legal. If I want, I can obfuscate my users to be certain that only -I- know who's accessing iTunes U.
  Recall, too, the way that iTunes U is setup. Your transfer CGI sends a URL to Apple and Apple sends you back loads of HTML/JavaScript/CSS in return. Your transfer CGI passes all of it back to the end user. The heart of the HTML Apple sends is this itmss: redirect:
  itmss://deimos.apple.com/WebObjects/Core.woa/BrowsePrivately/uic.edu?
  credentialKey=1474615910&identity=2253747564656e7422203c5374756
  4656e74407569632e6564753e202853747564656e7429205b305d&time=
  1203747692&signature=32d169daa7a282f8c7efa7d4f7f7fb0dceaac507c26
  f205123473f09d6b9ef50&x=true&ignore.mscache=8974210
  That is how Apple talks to your end users. The session is private ... between Apple and your end users. The only way for you to know which session belongs to which local user is for Apple to send you that itmss link and say, in effect, "the session associated with this link is about to time out". Your jump site would have to maintain a connection between itmss links, your local users, and the credentials associated with both. But if your site is -already- caching local user/credential info, there is no need for Apple to send your creds/identity back to you.
  As ever, if my understanding is itself cloudy, I bow to Duncan. He knows all and I am happy to be corrected. Like you guys, I am here to learn.

• Session Timeout Setting in Business Intelligence Platform 4

  Greetings.  We are using Business Intelligence Platform 4 SP 2.5.  We use LDAP authentication for logging in to the CMC, BI Launchpad, and Lifecycle Management console.  Our sessions expire after 10 minutes (of either activity or inactivity).  I haven't been able to find the setting that controls the timeout.  Does anyone know?
  Thank you in advance,
  Dave

  Hi Dave,
  TO make the change for the timeout we need to navigate to following location:
  1. Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF
  2. Open the web.xml. Search for the "session-timeout" and change the value to as per your requirement.
  3. This change would take effect on both CMC and BI LaunchPad.
  4. Restart the Tomcat.
  At <INSTALLDIR>\Tomcat6\conf\web.xml change 30 to 60:
      <session-config>
          <session-timeout>60</session-timeout>
      </session-config>
  Regards,
  Sonia

• Session Timeout - 30 minutes

  Hello,
  I have a problem with session timeouts @ P7.2 - session least only for 30 minutes.
  Although I've been playing with domain.xml a lot, I haven't succeeded
  It is SP7.2 installed @ Sun App.Server 9
  Thanks for help.

  He is right, session timeout is handle by AM. It is located under Configuration --> Global Properties --> Session --> Dynamic Attributes --> Maximum Idle Time

• Session Timeout in weblogic 6.1 SP3-- Urgent

  Hi
  We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
  What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

  What is the heap size ? How many useres are hitting the system ? What is the approx size of the session? Turn on -verbose:gc and monitor the GC activity. Are the sessions really inactive ?
  Make the timeout 30 secs and the InvalidationIntervalSecs to 20 secs and see if it makes a difference.
  If you still have the same results attach the pofiler trace here. A test case would be good too.
  Rakesh Aggarwal wrote:
  We are running a J2EE servlet in Weblogic 6.1 SP3 on Windows NT. The test client to this servlet opens a new Http session on every request.
  The server containing the servlet does not seem to be releasing memory associated with the session. The server eventually runs out of memory due to this. We verified this with a profiler tool. It shows Strings allocated with ServletRequestImpl.getSession() (weblogic.servlet.internal.session.RSID.getID()) not freed. We have set the session invalidation timeout to 1 min using:
  1) session-timeout=1 in web.xml,
  2) TimeoutSecs=60, InvalidationIntervalSecs=60 in weblogic.xml for the web-app containing the servlet.
  We have also tried setting session.setMaxInactiveInterval(60secs) for the servlet. The latter setting does seem to work as verified from a UI client. We are wondering whether weblogic server is not cleaning up the session even after invalidating it.
  We are not saving any reference to the Http session in our servlet. So we would think that the weblogic server should cleanp the inactive session after 1 min according to the above setting.
  Any help regarding this will be sincerely appreciated. Thanks.
  -Rakesh--
  Rajesh Mirchandani
  Developer Relations Engineer
  BEA Support

• Idle Timeout & Session Timeout in Wireless LAN Controller

  Hello Team;
                 I am confused with these two values and their working.
  1. Idle Timeout :
      Case 1 : When the client move out of the wireless covergae area or shutdoiwn his laptop, controller will wait for the idle timeout to expire and then the AP sends the disassocciation frames to the client, and if the AP is not getting any acknowledgement , the client entry is deleted from the WLC
     Case 2 : In this case the clients manually disconnect from the SSID. Thatmeans the client is initiating the disassociation request to AP and the controller. In this case since the client is sending the disconnect notification does the controller should wait for the idle timeout to expire or once it receives the disassociation message from the client, it will immediately remove the entry from the controller regardless of the idle timeout value.
  Please confirm
  2. Session Timeout :
           Could you please let me know the difference between these two values. One differenec i know is that idle timeout is globally and the session timeout is specific to the SSID. Other than this is there any functionality difference between these two?
  Thanks & Regards
  Sreejith R

  Session timeout is a value that forces a re-auth when the timer expires. This value starts copying down when the client is authenticated. Idle timer is also a hard timer and it removes the client from the WLC after this timer expires. So if a user powers down his or he laptop or a device goes to sleep and doesn't respond to the AP, this timer starts counting down. When the value expires, then the next time that client associates, he or she will have to perform a full authentication. This is however if you not using open encryption and nothing else.
  You will be able to see the values decrement inf when you look at the client status on the WLC. In the monitor tab and clients.
  Sent from Cisco Technical Support iPhone App

• ADF Faces : session timeout best practice

  hi
  I made these small modifications to the web.xml file in the SRDemoSample application:
  (a) I changed the login-config from this ...
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>infrastructure/SRLogin.jspx</form-login-page>
        <form-error-page>infrastructure/SRLogin.jspx</form-error-page>
      </form-login-config>
    </login-config>... to this
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>(b) I changed the session-timeout to 1 minute.
    <session-config>
      <session-timeout>1</session-timeout>
    </session-config>Please consider this scenario:
  (1) Run the UserInterface project of the SRDemoSample application in JDeveloper.
  (2) Authenticate using "sking" and password "welcome".
  (3) Click on the "My Service Requests" tab.
  (4) Click on a "Request Id" like "111". You should see a detail page titled "Service Request Information for SR # 111" that shows detail data on the service request.
  (5) Wait for at least one minute for the session to timeout.
  (6) Click on the "My Service Requests" tab again. I see the same detail page as in (4), now titled "Service Request Information for SR #" and not showing any detail data.
  question
  What is the best practice to detect such session timeouts and handle them in a user friendly way in an ADF Faces application?
  thanks
  Jan Vervecken

  Hi,
  no. Here's the content copied from a word doc:
  A frequent question on the JDeveloper OTN forum, and also one that has been asked by customers directly, is how to detect and graceful handle user session expiry due to user inactivity.
  The problem of user inactivity is that there is no way in JavaEE for the server to call the client when the session has expired. Though you could use JavaScript on the client display to count
  down the session timeout, eventually showing an alert or redirecting the browser, this goes with a lot of overhead. The main concern raised against unhandled session invalidation due to user
  inactivity is that the next user request leads to unpredictable results and errors messages. Because all information stored in the user session get lost upon session expiry, you can't recover the
  session and need to start over again. The solution to this problem is a servlet filter that works on top of the Faces servlet. The web.xml file would have the servlet configured as follows
  1.     <filter>
  2.         <filter-name>ApplicationSessionExpiryFilter</filter-name>
  3.         <filter-class>
  4.             adf.sample.ApplicationSessionExpiryFilter
  5.         </filter-class>
  6.         <init-param>
  7.             <param-name>SessionTimeoutRedirect</param-name>
  8.             <param-value>SessionHasExpired.jspx</param-value>
  9.         </init-param>
  10.     </filter>
  This configures the "ApplicationSessionExpiryFilter" servlet with an initialization parameter for the administrator to configure the page that the filter redirects the request to. In this
  example, the page is a simple JSP page that only prints a message so the user knows what has happened. Further in the web.xml file, the filter is assigned to the JavaServer Faces
  servlet as follows
  1.     <filter-mapping>
  2.             <filter-name>ApplicationSessionExpiryFilter</filter-name>
  3.             <servlet-name>Faces Servlet</servlet-name>
  4.         </filter-mapping>
  The Servlet filter code compares the session Id of the request with the current session Id. This nicely handles the issue of the JavaEE container implicitly creating a new user session for the incoming request.
  The only special case to be handled is where the incoming request doesn't have an associated session ID. This is the case for the initial application request.
  1.     package adf.sample;
  2.     
  3.     import java.io.IOException;
  4.     
  5.     import javax.servlet.Filter;
  6.     import javax.servlet.FilterChain;
  7.     import javax.servlet.FilterConfig;
  8.     import javax.servlet.ServletException;
  9.     import javax.servlet.ServletRequest;
  10.     import javax.servlet.ServletResponse;
  11.     import javax.servlet.http.HttpServletRequest;
  12.     import javax.servlet.http.HttpServletResponse;
  13.     
  14.     
  15.     public class ApplicationSessionExpiryFilter implements Filter {
  16.         private FilterConfig _filterConfig = null;
  17.        
  18.         public void init(FilterConfig filterConfig) throws ServletException {
  19.             _filterConfig = filterConfig;
  20.         }
  21.     
  22.         public void destroy() {
  23.             _filterConfig = null;
  24.         }
  25.     
  26.         public void doFilter(ServletRequest request, ServletResponse response,
  27.                              FilterChain chain) throws IOException, ServletException {
  28.     
  29.     
  30.             String requestedSession =   ((HttpServletRequest)request).getRequestedSessionId();
  31.             String currentWebSession =  ((HttpServletRequest)request).getSession().getId();
  32.            
  33.             boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
  34.           
  35.             // if the requested session is null then this is the first application
  36.             // request and "false" is acceptable
  37.            
  38.             if (!sessionOk && requestedSession != null){
  39.                 // the session has expired or renewed. Redirect request
  40.                 ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
  41.             }
  42.             else{
  43.                 chain.doFilter(request, response);
  44.             }
  45.         }
  46.        
  47.     }
  This servlet filter works pretty well, except for sessions that are expired because of active session invalidation e.g. when nuking the session to log out of container managed authentication. In this case my
  recommendation is to extend line 39 to also include a check if security is required. This can be through another initialization parameter that holds the name of a page that the request is redirected to upon logout.
  In this case you don't redirect the request to the error page but continue with a newly created session.
  Ps.: For testing and development, set the following parameter in web.xml to 1 so you don't have to wait 35 minutes
  1.     <session-config>
  2.         <session-timeout>1</session-timeout>
  3.     </session-config> Frank
  Edited by: Frank Nimphius on Jun 9, 2011 8:19 AM

• Solution Manager 7.1 SP4: Session Timeout during SOLMAN_SETUP

  Hello Experts,
  We recently installed Solution Manager 7.1 SP4 on Linux/Oracle. We also completed the System Preparation and Basic Configuration part of the SOLMAN_SETUP wizard as well (which includes applying the Central Correction Note and other steps).
  During the Managed System Setup Part, as soon as we click on the Configure System for a managed system - a new window opens up and immediately we get the below timeout messages:
  This session will terminate due to inactivity in 0:00 minutes
  To continue working in this session, choose 'Continue Session'
  The above is immediately followed by the actual session timeout message:
  This session terminated due to inactivity.
  Click Close Popup
  or to start new session, press F5.
  Now even if we press F5/Refresh, the same cycle repeats.
  I already checked the ICM timeout parameters as mentioned in the Guide and further findings with regards to ITS update as in thread WEBGUI Timeout immediately after logging in
  Applying the latest kernel patch also did not help. The strange issue is that the session timeout occurs only the LMDB related services, wherease normal services like WEBGUI etc work fine.
  Please suggest if anyone came across this issue, especially after update to SP04.
  Thanks and Regards,
  Srikishan

  Hi,
  Thanks, I will check the note steps and close this thread accordingly.
  Perhaps I need to hone my notes searching skills !
  Regards,
  Srikishan

• HOW TO FIX SESSION TIMEOUT IN ITUNES

  This seems to be a common problem all over the internet!
  I can't purchase and download ANYTHING from the itunes store! My internet connection is fine, I've tried changing the time, the time-zone (of the computer), I've reinstalled itunes, restarted the computer, refreshed my internet... I'm on a Mac OS X 10.4.11 with itunes 9.
  Itunes asks me to agree to the terms and conditions, I accept and then BAM ... session timeout.
  Someone help me please! Its driving me insane!

  error -1
  Attempt to restore your iOS device two more times. If the issue is still unresolved, the device may need service.
  Apple advice

• Custom web parts in SharePoint 2013 becomes inactive when the session is idle for long time.

  Hi,
  We have a search center site with custom web parts and custom master pages. When the session is inactive for long time all the custom web parts in the page doesn't work, unless we close the browser and open it. Where as this is not the case with the
  OOB web parts. We are not able to identify the root cause as it works with OOB web parts and not the custom web parts.We were able to find that by increasing the session timeout of the web application we can avoid this issue.We do not want to increase the
  session timeout as the OOB web part works perfectly even when the user session is idle for long time.Is there any other alternative where we can acheive the same for custom web parts when the session is idle for long time?
  Thanks,
  Saranya

  Hi Saranya,
  According to your descirption, my understanding is that when the session is long time idle ,then custom web part will not work.
  I suggest you check if you have enable the session in the Page Level in the web.config. By default SharePoint disable the session state.
  In the web.config, you will see <page enableSessionState> tag. You can modify like below and test if it works.
  <pages enableSessionState=”true” ….. />
  Here is a detailed thread for your reference:
  Use Session State in SharePoint
  Best Regards
  Zhengyu Guo
  TechNet Community Support

• PPR and session timeout cookie

  Scott,
  Is there anyway of getting the PPR functionality to update the session timeout cookie whenever a PPR request is made???
  Thanks..

  I am using your session timeout function from otn.
  I am using it to timeout after a set period of inactivity, every time the page is redrawn the cookie time is updated.
  I am calling this function from the 'Session Verify Function' field in the authentication scheme, and initially setting the cookie on login.
  I believe that the cookie only gets updated when the page is re-drawn and the Session Verify Function is run??
  On a PPR request only part of the page is refreshed, the page header remains unaffected, which means the user can be active on a page without refreshing the timeout value on the cookie?
  (Not a major problem, but would be nice to be able to update the cookie on a PPR request as well)
  Thanks..

• HFM and Session Timeout

  Is there any way to change the time before you are automatically logged out of an HFM (or Workspace) web session due to inactivity?
  Thanks.
  Terri T.

  Hi,
  Try something like this:
  Workspace timeout settings:
  ● Application server session timeout— Time in minutes after which the application server
  times out a session if no requests are received for that session
  ❍ In \Workspace deployment\WEB-INF\web.xml:
  <session-config>
  <session-timeout>60 </session-timeout>
  </session-config>
  ❍ Default is 60 minutes
  Note:
  All Reporting and Analysis Web applications session timeouts should be greater than
  10 minutes.
  ● Workspace timeout—Time in minutes after which Workspace warns and logs out inactive
  users
  Workspace sends “keep alive” requests to all the application servers (Workspace, Financial
  Reporting, Web Analysis, and Oracle's Hyperion® Performance Scorecard – System 9). If
  there is no activity in Workspace per the session timeout setting, the user is warned that the
  session is about to end. If the user does not take action within 5 minutes, the user is logged
  out.
  ❍ In \conf\subcontext.properties of the Workspace Web application:
  KeepAliveInteral=10
  SessionTimeout=30
  22 Administration Tools and Tasks
  ❍ Default is 10 minutes for keep alive and 30 minutes for session timeout
  Regards,
  Marcin Kuzdra