White Paper - Configuring Session Time Out in Documentum

White Paper
CONFIGURING USER SESSION TIME OUT IN AN
EMC® DOCUMENTUM® WEB DEVELOPMENT
KIT-BASED WEB APPLICATION
Abstract
This white paper explains the configuration settings for timing
out the logged-in user session in Documentum Web
Development Kit-based applications.
September 2012
Copyright © 2012 EMC Corporation. All Rights Reserved.
EMC believes the information in this publication is accurate as
of its publication date. The information is subject to change
without notice.
The information in this publication is provided “as is.” EMC
Corporation makes no representations or warranties of any kind
with respect to the information in this publication, and
specifically disclaims implied warranties of merchantability or
fitness for a particular purpose.
Use, copying, and distribution of any EMC software described in
this publication requires an applicable software license.
For the most up-to-date listing of EMC product names, see EMC
Corporation Trademarks on EMC.com.
Part Number H11048
Configuring Session Time Out in Documentum Web Development Kit-based web
applications
Table of Contents
Executive Summary
  Purpose
Audience
Introduction
Web application timeout
Number of Sessions and Client Shutdown Session Time Out
  Session management elements (<session_config>)
Operations timeout
Virtual document operation timeout
  Modified VDM action timeout (<modified_vdm_nodes>)
    a. <unsaved_changes_session_timeout> element in <modified_vdm_nodes> tag
Configuring Siteminder Session Timeouts
  Maximum Timeout Enabled
  Idle Timeout Enabled
Customizing timeout page
Tracing Session Timeout
Troubleshooting timeouts
Conclusion
Executive Summary
This white paper explains the various timeout settings for the web application
session and the repository session. It also explains how to configure the
number of web application sessions and the number of repository sessions.
As part of the effort to improve and enhance the performance and capabilities of its
product line, EMC, from time to time releases revisions of its hardware and software.
Therefore, some functions described in this guide may not be supported by all
revisions of the software or hardware currently in use. For the most up-to-date
information on product features, refer to your product Release Notes document.
If a product does not function properly or does not function as described in this
document, please contact your EMC representative.
Note: We vouch that the content in this document is accurate at the time of
publication. However, as information is added, new versions of this document may be
released to the EMC online support website. Check the website to ensure that you
are using the latest version of this document.
Purpose
This document explains the process of configuring the WDK-based application timeout
and the repository timeout.
Audience
The audience for this white paper comprises personnel responsible for the
configuration and administration of the application server production environment
with regard to WDK-based web applications. This document is intended for internal
EMC personnel, partners, and customers.
Introduction
As per the policy of one of the customers of EMC, every web application must allow
users to time out the application session and repository session.
The requirement to use the application session timeout and repository session
timeout is not restricted only to the Webtop application. It should be available in
other WDK-based applications also.
This document is relevant to Documentum version 6.6 products.
By default, WDK-based applications time out after 30 minutes of user idle time.
Web application timeout
The timeout of a Documentum-based WDK web application is managed through the Java
EE server. The Java EE servlet specification supports a <session-timeout> element in
the web.xml deployment descriptor file.
Locate the <session-config> element in <wdk-app>/WEB-INF/web.xml and change the
timeout value (in minutes).
For example:
<session-config>
<session-timeout>60</session-timeout>
</session-config>
Number of Sessions and Client Shutdown Session Time Out
We can override the user’s HTTP session timeout when the client browser has closed
without an explicit logout. When the user closes the browser window or navigates to
an outside URL, the top frame unload event is triggered. The top frame unload event
can cause the user session to be timed out.
The <session_config> element in <web-app>/wdk/app.xml contains session
management settings for the maximum number of application server sessions and
the web application timeout.
Copy this element and its contents to <web-app>/custom/app.xml to make your
changes:
Session management elements (<session_config>)
a. <max_sessions> element in <session_config> tag
<max_sessions> tag sets the maximum number (integer) of application server
sessions. After the maximum number of sessions has been reached, requests are
redirected to the JSP page <wdk-app>/wdk/serverBusy.jsp.
A value of -1 means that there is no limit to the number of sessions. By default, a WDK
application places no limit on the number of user sessions.
b. <client_shutdown_session_timeout> element in <timeout_control> of the
<session_config> element
This tag specifies the number of seconds before the session will be shut down after
the main frame has been unloaded by user action. Default = 120 seconds if no
configuration element is present, minimum = 15 seconds. If the timeout is larger than
the actual HTTP session timeout configured in web.xml, the session timeout will not
be overridden.
Sample snippet of <session_config> element in <web-app>/wdk/app.xml file.
<session_config>
<!-- Maximum number of user sessions. -1 denotes no session limit. -->
<max_sessions>-1</max_sessions>
<!-- Timeout management settings. -->
<timeout_control>
<!-- Value of temporary timeout in seconds. This is the value set to the current
user session during operations that may lead to client shutdown. -->
<client_shutdown_session_timeout>60</client_shutdown_session_timeout>
<!-- For Accessibility users, The Warning session timeout is the interval before
the actual timeout in 'minutes' should be of a value less than the sessiontimeout.
Warning timeout = timeout interval - client_warning_session_timeout
-->
<client_warning_session_timeout>1</client_warning_session_timeout>
<timeout_exclude_list>
<exclude>/wdk/system/logoff/logoff.jsp</exclude>
<exclude>/wdk/system/login/login.jsp</exclude>
<exclude>/wdk/system/login/loginex.jsp</exclude>
<exclude>/wdk/system/errormessage/errormessage.jsp</exclude>
</timeout_exclude_list>
<enable_session_timeout_alerts>false</enable_session_timeout_alerts>
</timeout_control>
<!-- Configurable session identifier instead of JSESSIONID (default value)
(Has to be the same as in app server container) -->
<http_session_identifier></http_session_identifier>
</session_config>
Operations timeout
The form processor has a property that overrides the HTTP session timeout.
The eventHandlerSessionTimeout property is used to set timeout in minutes during
event processing.
For example, if a delete operation for many objects is expected to take up to four
hours to complete, increase this value to 240. This property is found in the file
FormProcessorProp.properties located in the
<web-app>/WEB-INF/classes/com/documentum/web/form folder.
Virtual document operation timeout
The <modified_vdm_nodes> element in <wdk-app>/webcomponent/app.xml sets the
user’s session timeout value during actions that include unsaved virtual document
changes. The timeout value for the user’s session will be set back to the application
timeout value after the action completes.
Note: Setting the timeout value to a large number could improve performance but can
also result in data loss for users whose sessions time out during a lengthy action.
Modified VDM action timeout (<modified_vdm_nodes>)
a. <unsaved_changes_session_timeout> element in <modified_vdm_nodes> tag
It resets the user’s session timeout in seconds when an action on unsaved virtual
document nodes has begun. The default value of -1 ensures that the session does not
time out until the action has completed. This may have a performance impact.
The default snippet in the <wdk-app>/webcomponent/app.xml file is shown below:
<modified_vdm_nodes>
<!-- Value of unsaved changes timeout in seconds. This is the value set to the
current user session during actions that include unsaved vdm changes. (-1 = session
never expires) -->
<unsaved_changes_session_timeout>-1</unsaved_changes_session_timeout>
</modified_vdm_nodes>
Configuring Siteminder Session Timeouts
The user can configure the session timeouts in the SiteMinder Realm dialog. There
are two timeout settings available under this section.
Maximum Timeout Enabled:
If set, the values specified in the associated Hours and Minutes fields determine the
maximum amount of time a user session can be active before the Agent challenges
the user to re-authenticate. This setting is enabled by default. The default maximum
session length is two hours.
Idle Timeout Enabled:
This setting is enabled by default. To specify no session idle timeout, clear the
checkbox. The default session idle timeout is one hour. The session actually expires
after the specified idle timeout value.
The recommended best practice is that the session expiry time of the app server and
the session expiry of the SSO cookie should be identical. If business policy does not
allow this kind of setting, we suggest keeping the app server timeout less than or
equal to the SSO cookie timeout.
Example Settings:
Maximum Timeout Enabled = 3 hrs
Idle Timeout Enabled = 1 hr
App Server Session Timeout = 40 mins
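The relationships described above (the web.xml timeout against the SSO idle timeout, and the client shutdown timeout against its 15-second minimum and the HTTP session timeout) can be checked mechanically before deployment. The following Python script is an added example, not EMC code: the function names, the sample XML and the finding strings are constructed for illustration, and the rule that a session-timeout of 0 or less never expires comes from the Java servlet specification rather than from this paper.

```python
import xml.etree.ElementTree as ET

# Constructed samples using the element names and values shown in this paper.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <session-config><session-timeout>60</session-timeout></session-config>
</web-app>"""
APP_XML = """<app><session_config>
  <max_sessions>-1</max_sessions>
  <timeout_control>
    <client_shutdown_session_timeout>60</client_shutdown_session_timeout>
  </timeout_control>
</session_config></app>"""


def read_int(xml_text, tag, default):
    """Integer text of the first element named tag (any namespace), else default."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == tag and el.text and el.text.strip():
            return int(el.text.strip())
    return default


def audit_timeouts(web_xml, app_xml, sso_idle_minutes):
    """Check the timeout relationships described in the paper; return findings."""
    http_min = read_int(web_xml, "session-timeout", 30)  # paper: 30 min default
    shutdown_s = read_int(app_xml, "client_shutdown_session_timeout", 120)
    max_sessions = read_int(app_xml, "max_sessions", -1)
    findings = []
    # Servlet spec: a session-timeout of 0 or less means the session never expires.
    never_expires = http_min <= 0
    if never_expires:
        findings.append("session-timeout <= 0: HTTP sessions never expire")
    if never_expires or http_min > sso_idle_minutes:
        findings.append("app server timeout exceeds SSO idle timeout")
    if shutdown_s < 15:
        findings.append("client_shutdown_session_timeout below the 15 s minimum")
    if not never_expires and shutdown_s > http_min * 60:
        findings.append("client_shutdown_session_timeout exceeds HTTP timeout: no override")
    if max_sessions == -1:
        findings.append("max_sessions is -1: no limit on application server sessions")
    return findings


if __name__ == "__main__":
    for finding in audit_timeouts(WEB_XML, APP_XML, sso_idle_minutes=60):
        print("FINDING:", finding)
```

With the paper's example settings (app server 40 minutes, SSO idle 1 hour) the SSO comparison passes; raising session-timeout above the SSO idle value produces a finding.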
Customizing timeout page
A timeout page, timeout.jsp, is displayed for HTTP session timeout. Modify this page
to redirect the user to a login page or other timeout component. In the following
example, the virtual root global variable is resolved by the <dmf:webform> tag in the
JSP page:
function loginRedirect()
{
  getTopLevelWnd().location.replace(g_virtualRoot + "/component/main");
}
Tracing Session Timeout
WDK tracing flags are enumerated in the WDK resource file TraceProp.properties
located in WEB-INF/classes/com/documentum/debug. This file contains all tracing
flags that are defined in your application. If there is an unknown flag in this file, the
Trace class initialization will generate a warning message but will continue. Tracing
flags in com.documentum.web.test are not supported.
Note: You must enable tracing for the current session using one of the following
methods:
• Set the SESSION flag (mandatory) and any other flags you require in
TraceProp.properties and then restart the application server.
• Use a browser to navigate to wdk/tracing.jsp and check the box that enables
tracing.
Enable tracing for all sessions by setting SESSIONENABLEDBYDEFAULT to true in
WEB-INF/classes/com/documentum/debug/TraceProp.properties.
The following flags are relevant to session timeouts:
SESSIONTIMEOUTCONTROL: Traces changes to the HTTP session timeout defaults
through the SessionTimeoutControl servlet.
SESSION: Traces Documentum session binding and unbinding to HTTP session.
SESSION tracing must be enabled for all other tracing flags.
Troubleshooting timeouts
If the user modifies the URL to go to a component, the session will time out in one
minute because the top frame containing the session timeout control has been
unloaded.
For example, if the user changes the URL from http://server/webtop to
http://server/webtop/component/mycomponent, the session will time out in one
minute or less.
Conclusion
This white paper provides information about WDK-based application timeout settings
and how to configure the number of client sessions for a Documentum-based WDK
application.