AnsweredAssumed Answered

Session Timeout Configuration with AFTER_INACTIVITY enabled

Question asked by sgomez on Jan 26, 2010
Hi,

Could someone please explain or point to the right direction on the difference between the session-timeout config in web.xml and the property "validDuration" in authentication-services-context.xml?  Did a forum search and it seems people are using the session-timout config moreso than the validDuration property.  It seems like they perform similar tasks.

   <session-config>
      <session-timeout>60</session-timeout>
   </session-config>

I changed the session-timeout to 1 (assuming it was 1 minute) and after 1 minute, alfresco did not invalidate the ticket, as I thought it would do. 

What works is the property "validDuration" which I changed to value to PT1M (denoting 1 minute) and alfresco invalidated the ticket after 1 minute of inactivity.  Below is my configuration that ended up working:

    <property name="validDuration">
        <value>PT20M</value>
    </property>

    <property name="ticketsExpire">
        <value>true</value>
    </property>

      <!– If ticketsEpire is true then how they should expire –>
      <!– AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE  –>
      <!– The default is AFTER_FIXED_TIME –>
    <property name="expiryMode">
        <value>AFTER_INACTIVITY</value>
    </property>

I would greatly appreciate it if someone could point me to an explanation of the two configurations.  Thanks in advance.

Outcomes