Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Joget has 2 types of session timeouts. They are:-

  • Soft timeout
  • Hard session timeout

Table of Contents

Soft Timeout

Joget's session manager implementations are set to a default 30 minute session timeout after which the user will be logged out due to the inactivity. 

Go to System Settings > Directory Manager Settings > Configure Plugin (Security Enhanced Directory Manager)"Allow Session Timeout" is checked by default.

Image RemovedImage Added

To change the soft timeout period, open web.xml in apache in apache-tomcat-6x.0x.18xx\conf\ directory and change the tome time period in Session session-timeout tag.

Code Block





Using the default Directory Manager:
1. While the browser window is still open, the session will be kept alive regardless of the web.xml session-timeout setting. This is based on the assumption that the user is still doing long running work in the browser (e.g. building a form, etc), so the user isn't logged out unnecessarily.
2. If the browser window is not open, then the session will time out timeout according to the session-timeout setting.

Using the Security Enhanced Directory Manager:
1. If the Allow Session Timeout (Inactivity Timeout) is unchecked, then the behavior is similar to the default Directory Manager.
2. If the Allow Session Timeout (Inactivity Timeout) is checked, then the session will time out timeout following the session-timeout setting regardless of whether the browser window is open or not.

Hard Session Timeout

Hard session Timeout makes a user log out irrelevant to the activityIt is set to 8 hours in the plugin and can be changed.  timeout will force a user logout regardless of any user activity.

Go to System Settings>Directory Manager Settings>Configure Settings > Directory Manager Settings > Configure Plugin(Security Enhanced Directory Manager).

Image RemovedImage Added