It is possible to set the HTTP Session time-out in various places on the IBM® WebSphere® Application Server Administrative Console. It is also possible to set HTTP Session time-out for the application packaging process.
Since Session time-out can be set in multiple places, it is necessary to understand how the ultimate Session time-out for an application is determined.
Application needs HTTP session time-out set.
Resolving the problem
The HTTP Session time-out can be set in the following places:
- From the Administrative Console at the server, Enterprise application, and Web application levels
- At the time when the application is packaged
- In the application code
Setting the HTTP Session time-out from the Administrative Console
1. To set the HTTP Session time-out at the server level, navigate to Servers > Application Servers > Your Server > Web Container > Session Management.
In the Session time-out section of this window, you can select No time-out or Set time-out by clicking the appropriate radio button. If you choose to set the time-out, type the desired value in minutes in the box.
2. To set the HTTP Session time-out at the Enterprise Application level, navigate to Applications > Enterprise Applications > Your Application > Session Management.
Check Override in the Override Session Management section, then select to set the time-out and the time-out value. This sets the application session to overwrite those values set at the parent, which in this case is the Server level.
3. To set the HTTP Session time-out at the Web Application level, navigate to Applications > Enterprise Applications > Your Application > Web Module > Your Web App.war > Session Management.
Check Override in the Override Session Management section, then select to set the time-out and the time-out value. This sets the Application Session to overwrite those values set at the parent levels, which in this case is the Server or Enterprise Application level.
After modifying these settings, save the master configuration.
Setting HTTP Session time-out when application is packaged
The application developer can also select to set the HTTP Session time-out parameter when the application is packaged. This value is stored in the web.xml file for the Web application.
This setting overrides any session time-outs defined from the Administrative Console. Alter this setting by repackaging the application with a new value, or by modifying the web.xml file. The entry in the web.xml will be as follows:
Where the "session-timeout" is an integer value for the desired session time-out in minutes.
Finally, the HTTP Session time-out can be set in the application code. The programmer can invoke the setMaxInactiveInterval() method on HttpSession object to set the time-out value as desired. This setting overrides any time-out defined in the application package or made from the Administrative Console.
HTTP Session time-out Override Precedence Summary
The list below shows the precedence from which the final HTTP Session time-out is derived.
|1.||Server Level||Lowest level|
|2.||Enterprise Application||Overrides the Server Level if Override is selected|
|3.||Web Application||Overrides the Server and Enterprise Application settings if Override is selected|
|4.||Application Level (web.xml)||Overrides Server, Enterprise Application, and Web Application settings|
|5.||Application Code||Overrides all other settings|