Session management with JSP/Servlet on J2EE Engine
I'm trying to understand how to deal with session timeouts on the SAP J2EE Engine.
I am talking about servlets, web applications, configured with a Security Provider with SAML authentication.
How should I manage a simple timeout?
1) I have found the security provider-> Login
2) the web.xml parameter session-timeout
3) the web-j2ee-engine.xml parameter cookie with max-age attribute
I know that my web application (url) gets a SAML assertion and of course a SAP Logon Ticket is created.
But I need to know how to deal with default sessions.
Thanks for your input,
Sahidur Middya replied
The timeout period for HTTP sessions that are created in the corresponding Web application. After being inactive for the specified timeout, the HTTP sessions expire. The period is specified in minutes:
<!ELEMENT session-timeout (#PCDATA)>
You can only change the session timeout property in the applicationu2019s own deployment descriptors. This is not possible for the Global Web Descriptor.
following may help you:
[Additional Configuration Settings |http://help.sap.com/saphelp_erp2005vp/helpdata/en/a9/7a9602ad094b82a293f06d1cbe2c14/frameset.htm]