Configuring session timeout

The amount of time that passes before a session times out can be configured. If the toolkit is using cookies, WebSphere Application Server handles the detection of timed out sessions. In this case, configure the timeout from the WebSphere Administrative Console as follows:
  1. Select your application server in the left pane (typically the Default Server.)
  2. Select the Services tab in the right pane, and select the Session Manager Service.
  3. Click Edit Properties and select the Advanced tab on the displayed window.
  4. In the Set timeout field, set the timeout in minutes.

If the toolkit is not using cookies, the CSServer handles a session timing out. Set the timeout value as part of its definition as follows:

<CSServer id="realCSServer" inactivityClientTimeout="1800000" 
    timeBetweenSessionCheck="3600000" appSessionTimeout="30000" /> 

The inactivityClientTimeout attribute sets the actual expiration timeout of the session and the timeBetweenSessionCheck determines how often the thread that searches for expired sessions performs this task. Both are set in milliseconds. In this example, the session expires after 30 minutes of inactivity (1800000) and the thread that will detect expired sessions is activated each hour (3600000).