Help

Feature Discussions

Closeing inactive Sessions

Status: Already Offered Submitted by on ‎04-22-2016 04:31 AM

Firstspirit should automatically close inactive session within 1 hour (Time should be configurable).

Clients with a lot of Editors often complain about the session load on the project. Firstspirit should implement a session timeout for the java client by default or better configureable.

In our case, anyway, a webseal kills the session by default after 1 hour of inactivity what causes the client to loose connection to the Server. This results in a huge amount of ZombieSessions on the Server.

4 Comments
isenberg
I'm new here
‎05-02-2016 06:31 AM
‎05-02-2016 06:31 AM

I assume, the specification you asked for is to close a session automatically after the SiteArchitect lost its network connection or in case of the ContentCreator, that the user just closed the browser window instead of using the "logout" button. Let's call that "idle session timeout".

Or do you mean closing a client automatically, if no user input is recognized over a specific time duration by the client? Let's call that "idle user timeout".

For the "idle session timeout" on sessions created by the SiteArchitect or ServerManager, add the following line to firstspirit5/conf/fs-server.conf:


# SiteArchitect Session Timeout in seconds, default 1200

sessionmanager.timeout=120


For the "idle session timeout" on sessions created by the ContentCreator, add the following lines to the project specific web.xml via the FirstSpirit ServerManager for the ContentCreator WebApp if you are using the embedded Jetty on FirstSpirit, or to a central default web.xml for all applications if you are using Tomcat or other WebApp server. Using firstspirit5/server/jetty/webdefault.xml for the Jetty is not recommended as it will be overwritten automatically by FirstSpirit on Updates or even restarts.

<session-config>

     <!-- in minutes -->

     <session-timeout>2</session-timeout>

</session-config>

About the Webseal timeout, if "idle user session" is meant:

I'm wondering how the Webseal as WAF is detecting inactivity of the FirstSpirit SiteArchitect. The SiteArchitect sends a "ping" over the FirstSpirit protocol, which is encapsulated by http or https, every second, even if the FirstSpirit user on the client is idle.

kscheuing
I'm new here
‎06-01-2016 03:09 AM
‎06-01-2016 03:09 AM

Hi Holger,

thanks for the input. I agree to your wording. I will test your suggsestions about idle session timeout in the next release.

About the idle user session.. i have to check that again. Some users complained about that issue. I would get back to you if i can verify it.

feddersen
Community Manager
Community Manager
‎05-05-2017 02:41 PM
‎05-05-2017 02:41 PM

As mentioned by Holger, there already is a session timeout. Please contact our technical support if you're still experiencing "zombie sessions" so that we can identify root cause.

AuM
I'm new here
‎10-02-2017 05:21 AM
‎10-02-2017 05:21 AM

Thanks for the valuable insights on the session timeout!

It would be even better to mention this in the admin documentation, don't you think?