Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal time out

Former Member

‎02-28-2007 7:22 PM

0 Kudos

Hello all,

We are using basic login modules.

How can I restrict the session time of portal to 5 minutes per session? For example if user not responds for five minutes, I would like the login page will appear.

Thanks in advance

2 REPLIES 2

Former Member

‎02-28-2007 8:43 PM

0 Kudos

Yoel,

<\usr\sap\<SID>\<inst>\j2ee\cluster\server<#>\apps\sap.com\irj\servlet_jsp\irj\root\WEB-INF\web.xml>

<session-timeout>30</session-timeout>

Requires restart of the J2EE engine.

Take a look at /message/3061259#3061259 [original link is broken]

Cheers,

Ben

Please award points if helpful.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎03-01-2007 8:57 AM

0 Kudos

Are you referring to "Basic Authentication" when talking of "basic login modules"?

Well, such a time-driven session termination (due to idle usage) - in contrast to a user-initiated logoff - will <u>not</u> be successful in such cases where <b>credentials are stored on and exclusively controlled by the client</b>:

- Basic Authentication (remain valid until browser process is terminated)

- X.509 client certificates

- "Windows Integrated Authentication" (aka "SPNEGO")

Even if the session would be terminated by the server, the client could open a new session with the still existing credentials.

Only when using FORM-based authentication (i.e. an HTML logon screen) it is possible to terminate a session on the server side (without user interaction / without an http request from the user agent).

Regards, Wolfgang