White Paper CONFIGURING USER SESSION TIME OUT IN AN EMC® DOCUMENTUM® WEB DEVELOPMENT KIT-BASED WEB APPLICATION Abstract This white paper explains the configuration settings for timing out the logged in user session in a Documentum Web Development Kit-based applications. September 2012 Copyright © 2012 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. Part Number H11048 Configuring Session Time Out in Documentum Web Development Kit-based web applications 2 Table of Contents Executive Summary ................................................................................................. 4 Purpose.............................................................................................................................. 4 Audience................................................................................................................. 4 Introduction ............................................................................................................ 4 Web application timeout ......................................................................................... 5 Number of Sessions and Client Shutdown Session Time Out..................................... 5 Session management elements (<session_config>)............................................................. 5 Operations timeout ................................................................................................. 7 Virtual document operation timeout......................................................................... 7 Modified VDM action timeout (<modified_vdm_nodes>)...................................................... 7 a. <unsaved_changes_session_timeout> element in <modified_vdm_nodes> tag............. 7 Configuring Siteminder Session Timeouts ............................................................... 8 Maximum Timeout Enabled: ............................................................................................... 8 Idle Timeout Enabled:......................................................................................................... 8 Customizing timeout page ....................................................................................... 8 Tracing Session Timeout.......................................................................................... 9 Troubleshooting timeouts........................................................................................ 9 Conclusion............................................................................................................ 10 Configuring Session Time Out in Documentum Web Development Kit-based web applications 3 Executive Summary This white paper explains the various time out settings for the web application session and the repository session. This whitepaper is intended to explain how to configure number of web application sessions and number of repository sessions. As part of the effort to improve and enhance the performance and capabilities of its product line, EMC, from time to time releases revisions of its hardware and software. Therefore, some functions described in this guide may not be supported by all revisions of the software or hardware currently in use. For the most up-to-date information on product features, refer to your product Release Notes document. If a product does not function properly or does not function as described in this document, please contact your EMC representative. Note: We vouch that the content in this document is accurate at the time of publication. However, as information is added, new versions of this document may be released to the EMC online support website. Check the website to ensure that you are using the latest version of this document. Purpose This document explains the process of configuring the wdk based application timeout and repository timeout. Audience The audience for this white paper comprises personnel responsible for the configuration and administration of the application server production environment with regard to WDK-based web applications. This document is intended for internal EMC personnel, partners, and customers. Introduction As per the policy of one of the customers of EMC, every web application must allow users to timeout the application session and repository session. The requirement to use the application session timeout and repository session timeout is not restricted only to the Webtop application. It should be available in other WDK-based applications also. This document is relevant to Documentum version 6.6 products. By default, WDK-based applications can be timeout after 30 mins of user Idle time. Configuring Session Time Out in Documentum Web Development Kit-based web applications 4 Web application timeout The timeout of documentum based wdk web application is managed through the Java EE server. The Java EE servlet specification supports a <session-timeout> element in the web.xml deployment descriptor file. Locate the <session-config> element in <wdk-app>/WEB-INF/web.xml and change the timeout value (in minutes). For example: <session-config> <session-timeout>60</session-timeout> </session-config> Number of Sessions and Client Shutdown Session Time Out We can override the user’s HTTP session timeout when the client browser has closed without an explicit logout. When the user closes the browser window or navigates to an outside URL, the top frame unload event is triggered. The top frame unload event can cause the user session to be timed out. The <session_config> element in <web-app>/wdk/app.xml contains session management settings for maximum number of application server settings and Web application timeout. Copy this element and its contents to <web-app>/custom/app.xml to make your changes: Session management elements (<session_config>) a. <max_sessions> element in <session_config> tag <max_sessions> tag sets the maximum number (integer) of application server sessions. After the maximum number of sessions has been reached, requests are redirected to the JSP page <wdk-app>/wdk/serverBusy.jsp. A value of -1 means that there is no limit to the number of sessions. By default, wdk application does not have any limit to create the number of user sessions. b. <client_shutdown_session_timeout> element in <timeout_control> of <session_config>) element Configuring Session Time Out in Documentum Web Development Kit-based web applications 5 This tag specifies the number of seconds before the session will be shut down after the main frame has been unloaded by user action. Default = 120 seconds if no configuration element is present, minimum = 15 seconds. If the timeout is larger than the actual HTTP session timeout configured in web.xml, the session timeout will not be overridden. Sample snippet of <session_config> element in <web-app>/wdk/app.xml file. <session_config> <!-- Maximum number of user sessions. -1 denotes no session limit. --> <max_sessions>-1</max_sessions> <!-- Timeout management settings. --> <timeout_control> user <!-- Value of temporary timeout in seconds. This is the value set to the current session during operations that may lead to client shutdown. --> <client_shutdown_session_timeout>60</client_shutdown_session_timeout> <!-- For Accessibility users, The Warning session timeout is the interval before the actual timeout in 'minutes' should be of a value less than the sessiontimeout. Warning timeout = timeout interval - client_warning_session_timeout --> <client_warning_session_timeout>1</client_warning_session_timeout> <timeout_exclude_list> <exclude>/wdk/system/logoff/logoff.jsp</exclude> <exclude>/wdk/system/login/login.jsp</exclude> <exclude>/wdk/system/login/loginex.jsp</exclude> <exclude>/wdk/system/errormessage/errormessage.jsp</exclude> </timeout_exclude_list> <enable_session_timeout_alerts>false</enable_session_timeout_alerts> </timeout_control> <!-- Configurable session identifier instead of JSESSIONID (default value) (Has to be the same as in app server container) --> <http_session_identifier></http_session_identifier> </session_config> Configuring Session Time Out in Documentum Web Development Kit-based web applications 6 Operations timeout The form processor has a property that overrides the HTTP session timeout. The eventHandlerSessionTimeout property is used to set timeout in minutes during event processing. For example, if a delete operation for many objects is expected to take up to four hours to complete, increase this value to 240. This property is found in the file FormProcessorProp.properties located in <web-app>/WEBINF/classes/com/documentum/web/form folder. Virtual document operation timeout The <modified_vdm_nodes> element in <wdk-app>/webcomponent/app.xml sets the user’s session timeout value during actions that include unsaved virtual document changes. The timeout value for the user’s session will be set back to the application timeout value after the action completes. Note: Setting the timeout value to a large number could improve performance but can also result in data loss for users whose sessions time out during a lengthy action. Modified VDM action timeout (<modified_vdm_nodes>) a. <unsaved_changes_session_timeout> element in <modified_vdm_nodes> tag It resets the user’s session timeout in seconds when an action on unsaved virtual document nodes has begun. The default value of -1 ensures that the session does not time out until the action has completed. This may have a performance impact. By default, below is the sample snippet of code in <wdkapp>/webcomponent/app.xml file <modified_vdm_nodes> <!-- Value of unsaved changes timeout in seconds. This is the value set to the current user session during actions that include unsaved vdm changes. (-1 = session never expires) --> Configuring Session Time Out in Documentum Web Development Kit-based web applications 7 <unsaved_changes_session_timeout>-1</unsaved_changes_session_timeout> </modified_vdm_nodes> Configuring Siteminder Session Timeouts The user can configure the Session Timeouts under Site Minder Realm Dialog. There are two timeout settings available under this section. Maximum Timeout Enabled: If set, the values specified in the associated Hours and Minutes fields determine the maximum amount of time a user session can be active before the Agent challenges the user to re-authenticate. This setting is enabled by default. The default maximum session length is two hours. Idle Timeout Enabled: This setting is enabled by default. To specify no session idle timeout, clear the checkbox. The default session idle timeout is one hour. The session actually expires after the specified idle timeout value. The best practice recommended is session expiry time of app server and session expiry of SSO cookie should be identical. If business policy does not allow this kind of setting, we suggest to keep app server timeout less than or equal to SSO cookie timeout. Example Settings: Maximum Timeout Enabled = 3 hrs Idle Timeout Enabled = 1 hrs App Server Session Timeout = 40 mins Customizing timeout page A timeout page, timeout.jsp, is displayed for HTTP session timeout. Modify this page to redirect the user to a login page or other timeout component. In the following example, the virtual root global variable is resolved by the <dmf:webform> tag in the JSP page: function loginRedirect() { Configuring Session Time Out in Documentum Web Development Kit-based web applications 8 getTopLevelWnd().location.replace( g_virtualRoot+"/component/main"); } Tracing Session Timeout WDK tracing flags are enumerated in the WDK resource file TraceProp.properties located in WEB-INF/classes/com/documentum/debug. This file contains all tracing flags that are defined in your application. If there is an unknown flag in this file, the Trace class initialization will generate a warning message but will continue. Tracing flags in com.documentum.web.test are not supported. Note: You must enable tracing for the current session using one of the following methods: • Set the SESSION flag (mandatory) and another other flags you require in TraceProp.properties and then restart the application server. • Use a browser to navigate to wdk/tracing.jsp and check the box that enables tracing. Enable tracing for all sessions for setting SESSIONENABLEDBYDEFAULT to true in WEB-INF/classes/com/documentum/debug/TraceProp.properties SESSIONTIMEOUTCONTROL Traces changes to the HTTP session timeout defaults through the SessionTimeoutControl servlet SESSION Traces Documentum session binding and unbinding to HTTP session. SESSION tracing must be enabled for all other tracing flags Troubleshooting timeouts If the user modifies the URL to go to a component, the sessionwill time out in one minute because the top frame containing the session timeout controlhas been unloaded. For example, if the user changes the URL from http://server/webtop to http://server/webtop/component/mycomponent, the session will time out in one minute or less. Configuring Session Time Out in Documentum Web Development Kit-based web applications 9 Conclusion This white paper provides information about WDK-based application timeout settings and how to configure number of client sessions for documentum based wdk application. Configuring Session Time Out in Documentum Web Development Kit-based web applications 10
© Copyright 2025 Paperzz