...
- Stop the database and web/application servers used by the application.
Specify the session timeout duration in the web.xml file in the application WAR on the app server. The following code snippet serves as a sample reference:
Code Block language xml <session-config> <session-timeout>15</session-timeout> </session-config> <!-- Here, the session timeout is set to 15 minutes, which means if there is no user activity for 15 minutes, the session will timeout and the user is forced to log-on again. -->Note title Note The session timeout must be configured in minutes.
Alternatively, you can specify the session timeout duration in the properties file as follows:
Code Block language xml SESSION_SET_MAX_INACTIVE_INTERVAL = 15
Tip title Info If you specify the session timeout duration in both the web.xml file and the systempreferences.properties file, the web.xml configuration is given the higher priority.
Note title Note- For sticky session, proceed to step three.
- For non-sticky session, proceed to step four.
To manage server session storage for a sticky session, specify the appropriate implementation class in the systempreferences.properties file, as shown in the following sample code snippet:
Code Block language xml SESSION_STORE_IMPL_CLASS=com.intellectdesign.canvas.login.sessions.impl.ServerSessionProviderImpl
Note title NoteThe default implementation class, provided by Canvas for server session storage in Sticky session is com.intellectdesign.canvas.login.sessions.impl.ServerSessionProviderImpl. It implements the IServerSessionProvider class.
Proceed to step five.
- Perform any of the following steps for non-sticky session:
To store the non-sticky session on database server, specify the appropriate implementation class in the systempreferences.properties file, as shown in the following code snippet:
Code Block language xml SESSION_STORE_IMPL_CLASS=com.intellectdesign.canvas.login.sessions.impl.DatabaseSessionProviderImpl
Note title NoteIn MYSQL and Oracle database environments, the stored sessions can be found in the od_session_log table. You can even use your own customized implementation class to define the database session storage.
To store the non-sticky session on Redis server, specify the appropriate implementation class in the systempreferences.properties file, as shown in the following code snippet:
Code Block language xml SESSION_STORE_IMPL_CLASS=com.intellectdesign.canvas.login.sessions.impl.RedisSessionProviderImpl
Tip title Info You can even use your own customized implementation class to define the session storage in Redis.
Note title NoteSession Purge enables the deletion of users' sessions. The main purpose of session purge is to terminate the orphaned sessions. Orphaned sessions are inactive sessions, which tend to waste the session storage capacity that could adversely affect session timeouts. In order to eliminate orphaned sessions, session purge can be effectively used to terminate the inactive session intervals, which paves the way for effective and efficient session timeouts.
The Session Purge Initial Delay specifies the first instance of triggering the deletion of the purged user sessions, whereas Session Purge Delay specifies the stipulated time in deleting the users' purged sessions, thereby resulting in feasible session timeouts.To configure session purge, perform the following step:
Specify the durations of the Session Purge Initial Delay and Session Purge Delay in the systempreferences.properties file, as shown in the following sample code snippet:
Code Block language xml SESSION_PURGE_INITAL_DELAY = 1000 SESSION_PURGE_DELAY = 3000000
Note title NoteIt is mandatory for you to specify the durations of Session Purge Initial Delay and Session Purge Delay in milliseconds.
- Restart the servers.