Session Management

Joget has 2 types of session timeouts:

Soft Timeout

Joget's session manager implementations set a default 30 minute session timeout after which the user will be logged out due to the inactivity. 

Go to System Settings > Directory Manager Settings > Configure Plugin (Security Enhanced Directory Manager).

To change the soft timeout period, open web.xml in apache-tomcat-x.x.xx\conf\ directory and change the time period in session-timeout tag.




Using the default Directory Manager:
1. While the browser window is still open, the session will be kept alive regardless of the web.xml session-timeout setting. This is based on the assumption that the user is still doing long running work in the browser (e.g. building a form, etc), so the user isn't logged out unnecessarily.
2. If the browser window is not open, then the session will timeout according to the session-timeout setting.

Using the Security Enhanced Directory Manager:
1. If the Allow Session Timeout (Inactivity Timeout) is unchecked, then the behavior is similar to the default Directory Manager.
2. If the Allow Session Timeout (Inactivity Timeout) is checked, then the session will timeout following the session-timeout setting regardless of whether the browser window is open or not.

Hard Session Timeout

Hard session timeout will force a user logout regardless of any user activity.

Go to System Settings > Directory Manager Settings > Configure Plugin(Security Enhanced Directory Manager).

You are able to change the Hard Session Timeout period to a predetermined amount of hours. In accordance with the current best practices, Joget does not offer the option to set the timer lower than 8 hours within the app. However, if you are insistent on customizing the value, you are able to do so by changing a couple values inside the database.

To customize the Hard Session Timeout period:

  1. Using a database manager, query as follows:
    1. SELECT * FROM wf_setup WHERE property="directoryManagerImplProperties";
  2. In the "value" column, copy and paste the data into any notepad program.
  3. Search for the string "hardSessionTimeoutHours":"8" and change the value to "hardSessionTimeoutHours":"1".
  4. Paste the data back into the table "value" column and save the record.

The idle session timeout setting is an Apache Tomcat feature, it is not a Joget feature. Kindly read here for more information on the idle session timeout setting in Apache Tomcat. From other users' experiences, some timeout issues may be caused by some web proxy software and were resolved after the client switched to Apache web proxy.

  • No labels