Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Session management with JSP/Servlet on J2EE Engine


I'm trying to understand how to deal with session timeouts on the SAP J2EE Engine.

I am talking about servlets, web applications, configured with a Security Provider with SAML authentication.

I have found that by default, J2EE Engine is configured to use cookies (instead of url-rewriting), and that there is no expiration period.

How should I manage a simple timeout?

1) I have found the security provider-> Login

2) the web.xml parameter session-timeout

3) the web-j2ee-engine.xml parameter cookie with max-age attribute

I know that my web application (url) gets a SAML assertion and of course a SAP Logon Ticket is created.

But I need to know how to deal with default sessions.

Thanks for your input,

Tanguy Mezzano

Former Member
Former Member replied


The timeout period for HTTP sessions that are created in the corresponding Web application. After being inactive for the specified timeout, the HTTP sessions expire. The period is specified in minutes:

<!ELEMENT session-timeout (#PCDATA)>

You can only change the session timeout property in the applicationu2019s own deployment descriptors. This is not possible for the Global Web Descriptor.

following may help you:

[Additional Configuration Settings |]



0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question