Session timeout
PolicyCenter creates a session for each browser connection. PolicyCenter uses the server’s session management capability to manage the session. Each individual session receives a security token that the PolicyCenter server preserves across multiple requests. The server validates each token against an internal store of valid tokens.
Typically, the server determines the session timeout value according to the following hierarchy.
Level |
Description |
|---|---|
Server |
The session timeout to use for all applications on the server if the timeout value is not set at a higher level. |
Enterprise application |
The session timeout specified at the enterprise application level. You can specify this value at the EAR file level. You can set the enterprise application session timeout value to override the server session timeout value. |
Web application |
The session timeout specified at the web application level. You can specify this value at the WAR file level. You can set the web application session timeout value to override the enterprise application and server session timeout values. |
Application level |
The session timeout specified in the application |
Application code |
An application can override any other session timeout value by
setting the following configuration parameters:
|
See also