Solved: Session management with JSP/Servlet on J2EE Engine

Former Member · ‎10-16-2008

Hello,

I'm trying to understand how to deal with session timeouts on the SAP J2EE Engine.

I am talking about servlets, web applications, configured with a Security Provider with SAML authentication.

I have found that by default, J2EE Engine is configured to use cookies (instead of url-rewriting), and that there is no expiration period.

How should I manage a simple timeout?

1) I have found the security provider-> Login

2) the web.xml parameter session-timeout

3) the web-j2ee-engine.xml parameter cookie with max-age attribute

I know that my web application (url) gets a SAML assertion and of course a SAP Logon Ticket is created.

But I need to know how to deal with default sessions.

Thanks for your input,

Tanguy Mezzano

Former Member · ‎10-17-2008

Hi,

The timeout period for HTTP sessions that are created in the corresponding Web application. After being inactive for the specified timeout, the HTTP sessions expire. The period is specified in minutes:

<!ELEMENT session-timeout (#PCDATA)>

You can only change the session timeout property in the applicationu2019s own deployment descriptors. This is not possible for the Global Web Descriptor.

following may help you:

[Additional Configuration Settings |http://help.sap.com/saphelp_erp2005vp/helpdata/en/a9/7a9602ad094b82a293f06d1cbe2c14/frameset.htm]

Regards,

Sahidur

Session management with JSP/Servlet on J2EE Engine

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: Prepare step - not completed for Service Order

Prepare step - not completed for Service Order

Re: User Deprovisioning Signavio

Characteristic and Class Assignment UIBB Missing f...

Reduction in HANA DB Memory