Questions around portal session management
I have few questions around SAP portal session management.
We are using HTTP method for the portal and portal is on version NW 7.3 . I have also found that SAP logon ticket have a lifetime of 8 hours by default.
Any help in this regard would be very much helpful.
Below are the situations when I need help :
1) When the user clicks logoff button in the SAP portal, the associated cookies should also get deleted. Here we are also considering usage of multiple tabs in the same browser window or usage of multiple windows.
Objective is to delete the associated cookies from the browser.
2) When the user clicks 'X' button on the top right side of the window (closes the browser), cookies should also get deleted.
3) If the users keep session idle for sometime, say 30 mins or 1 hour, session should get timed-out and user should be prompted for authentication.
We have checked that user's session in the backend is getting timed-out, but since the SAP logon ticket gets stored in the browser and has a validity of 8 hours, users session in the portal is still active. So if users refreshes the page in the browser, the session is getting recreated in the backend.
Thanks & Regards,