02-28-2007 7:22 PM
Hello all,
We are using basic login modules.
How can I restrict the session time of portal to 5 minutes per session? For example if user not responds for five minutes, I would like the login page will appear.
Thanks in advance
02-28-2007 8:43 PM
Yoel,
<\usr\sap\<SID>\<inst>\j2ee\cluster\server<#>\apps\sap.com\irj\servlet_jsp\irj\root\WEB-INF\web.xml>
<session-timeout>30</session-timeout>
Requires restart of the J2EE engine.
Take a look at /message/3061259#3061259 [original link is broken]
Cheers,
Ben
Please award points if helpful.
03-01-2007 8:57 AM
Are you referring to "Basic Authentication" when talking of "basic login modules"?
Well, such a time-driven session termination (due to idle usage) - in contrast to a user-initiated logoff - will <u>not</u> be successful in such cases where <b>credentials are stored on and exclusively controlled by the client</b>:
- Basic Authentication (remain valid until browser process is terminated)
- X.509 client certificates
- "Windows Integrated Authentication" (aka "SPNEGO")
Even if the session would be terminated by the server, the client could open a new session with the still existing credentials.
Only when using FORM-based authentication (i.e. an HTML logon screen) it is possible to terminate a session on the server side (without user interaction / without an http request from the user agent).
Regards, Wolfgang