Configure the Release Session
Release timeout
In Release, you can configure the time that a user can remain logged in without using the GUI. After this timeout, the user will be logged out.
The timeout only applies during one browser session. If the user closes the browser, Release automatically logs the user out.
To configure the timeout:
- Open
<XL_RELEASE_SERVER_HOME>/conf/xl-release-server.conf
. - Locate the
client.session.timeout.minutes
setting. - Change it to the number of minutes Release should wait before logging the user out. The default value of
0
means that no timeout is configured. - Save the file.
- Restart the Release server.
If the client.session.timeout.minutes
value is set to 0
, and a user session is inactive for more than 30 days, it will be automatically purge from the session database if session storage is enabled.
Configure release session
Configuring the session storage settings
In Release, you can configure the session storage to enable clustered sessions without being tied to an application container. The session data will be stored in the database.
To configure the session storage settings:
-
Add the
xl
,server
andsession
properties to theXL_RELEASE_SERVER_HOME/conf/xl-release.conf
configuration file. -
In the
session
property, add an additionalstorage
property. This property identifies the predefined session storage configuration you wish to use. The supported values are:Parameter Description enabled
Whether to enable session storage. Default is true. cleanup-cron
Cron expression to cleanup expired session data on regular intervals. Default is "0 0/5 * * * *"
Sample session storage settings
xl {
server {
session {
storage {
enabled = true
cleanup-cron = "0 0/5 * * * *"
}
}
}
}
Make sure to add the snippet above to all of the cluster nodes.
Configure session timeout and remember-me cookie
Add the following properties to the xl-release-server.conf
file in order to configure session timeout and the remember-me cookie:
client.session.timeout.minutes=20
client.session.remember.enabled=true
Configure remember-me token validity
You can now configure remember-me
token validity, and the default value is 30 days. for example
xl {
server {
session {
remember-me {
tokenValidity = 30 days
}
}
}
}
Configure number of allowed concurrent sessions
Add a configuration parameter to restrict maximum number of concurrent sessions.
xl {
server {
session {
maximumSessions = -1 // -1 to allow unlimited logins, or a positive integer to specify a maximum
exceptionIfMaximumExceeded = false // false to forcibly logged out the user that has already authenticated. true to throw an exception and prevent user to login.
storage {...}
}
}
}