on 10-16-2008 2:30 PM
Hello,
I'm trying to understand how to deal with session timeouts on the SAP J2EE Engine.
I am talking about servlets, web applications, configured with a Security Provider with SAML authentication.
I have found that by default, J2EE Engine is configured to use cookies (instead of url-rewriting), and that there is no expiration period.
How should I manage a simple timeout?
1) I have found the security provider-> Login
2) the web.xml parameter session-timeout
3) the web-j2ee-engine.xml parameter cookie with max-age attribute
I know that my web application (url) gets a SAML assertion and of course a SAP Logon Ticket is created.
But I need to know how to deal with default sessions.
Thanks for your input,
Tanguy Mezzano
Hi,
The timeout period for HTTP sessions that are created in the corresponding Web application. After being inactive for the specified timeout, the HTTP sessions expire. The period is specified in minutes:
<!ELEMENT session-timeout (#PCDATA)>
You can only change the session timeout property in the applicationu2019s own deployment descriptors. This is not possible for the Global Web Descriptor.
following may help you:
[Additional Configuration Settings |http://help.sap.com/saphelp_erp2005vp/helpdata/en/a9/7a9602ad094b82a293f06d1cbe2c14/frameset.htm]
Regards,
Sahidur
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.