The HTTP Session time-out can be set in the following
places:
- From the Administrative Console at the server, Enterprise
application, and Web application levels
- At the time when the application is packaged
- In the application code
Setting the HTTP Session time-out from the Administrative Console
1. To set the HTTP Session time-out at the server level, navigate to
Servers > Application Servers > Your Server > Web
Container > Session Management.
In the Session time-out section of this window, you can select No
time-out or Set time-out by clicking the appropriate radio
button. If you choose to set the time-out, type the desired value in
minutes in the box.
2. To set the HTTP Session time-out at the Enterprise Application level,
navigate to Applications > Enterprise Applications > Your
Application > Session Management.
Check Override in the Override Session Management section, then
select to set the time-out and the time-out value. This sets the
application session to overwrite those values set at the parent, which in
this case is the Server level.
3. To set the HTTP Session time-out at the Web Application level, navigate
to Applications > Enterprise Applications > Your Application
> Web Module > Your Web App.war > Session Management.
Check Override in the Override Session Management section, then
select to set the time-out and the time-out value. This sets the
Application Session to overwrite those values set at the parent levels,
which in this case is the Server or Enterprise Application level.
After modifying these settings, save the master configuration.
Setting HTTP Session time-out when application is packaged
The application developer can also select to set the HTTP Session time-out
parameter when the application is packaged. This value is stored in the
web.xml file for the Web application.
This setting overrides any session time-outs defined from the
Administrative Console. Alter this setting by repackaging the application
with a new value, or by modifying the web.xml file. The entry in the
web.xml will be as follows:
<session-config> <ul>
<session-timeout>60</session-timeout>
</session-config></ul>
Where the "session-timeout" is an integer value for the desired session
time-out in minutes. Setting HTTP Session time-out from the application
code
Finally, the HTTP Session time-out can be set in the application code. The
programmer can invoke the setMaxInactiveInterval() method on HttpSession
object to set the time-out value as desired. This setting overrides any
time-out defined in the application package or made from the
Administrative Console.
HTTP Session time-out Override Precedence Summary
The list below shows the precedence from which the final HTTP Session
time-out is derived.
1. |
Server Level |
 |
Lowest level |
2. |
Enterprise Application |
 |
Overrides the Server Level if Override is
selected |
3. |
Web Application |
 |
Overrides the Server and Enterprise Application settings
if Override is selected |
4. |
Application Level (web.xml) |
 |
Overrides Server, Enterprise Application, and Web
Application settings |
5. |
Application Code |
 |
Overrides all other settings |
|