Description of problem: Currently we do not specify a TTL for the HTTP session used for authentication, so the default is used. But even if we did, we should allow the client to specify the session TTL manually (via an HTTP header), as the user may have different use cases that may require long-running sessions.
This is a test blocker for scale tests; are there any workarounds for this?
(In reply to comment #1)
> This is a test blocker for scale tests, is any workarounds for this?

yes,

1. change web.xml in restapi.war, e.g.:

   in /jboss-as-.../standalone/deployments/engine.ear/restapi.war/WEB-INF/web.xml
   under <web-app> add this section:

   <session-config>
       <session-timeout>...</session-timeout>
   </session-config>

   (note TTL in minutes)

2. restart the jboss
Session TTL can now be explicitly set by the user via the "Session-TTL:xxx" HTTP header. Session-TTL is the time between client requests before the servlet container will invalidate this session. An interval value of zero or less indicates that the session should never time out. (default TTL is 180 min)
Thanks. Configured session-timeout == 600 in the XML; my test ran with an open session for 5.37 hours. Tested and works OK for me.
(In reply to comment #4)
> Session TTL can be explicitly set by user now via "Session-TTL:xxx"
> HTTP header,
>
> Session-TTL is the time between client requests before the servlet
> container will invalidate this session. An interval value of zero
> or less indicates that the session should never timeout.
>
> (default TTL is 180 min)

Just a side note that is worth mentioning: for the sake of security flaw prevention, TTL can be set only during session initiation, i.e. the user has credentials (TTL cannot be changed during the session lifetime).
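The Session-TTL rules described in the comments above, as an added toy model that is not part of the original thread and is not the project's code. SessionStore, parse_ttl and handle are hypothetical names; reading the header value as minutes and falling back to the default on a malformed value are assumptions.

```python
import secrets

DEFAULT_TTL_MIN = 180  # default stated in the thread


def parse_ttl(raw):
    """Session-TTL header value (assumed minutes) -> idle timeout in seconds.

    Returns 0 for "never time out" (header value of zero or less).
    """
    if raw is None:
        return DEFAULT_TTL_MIN * 60
    try:
        minutes = int(raw.strip())
    except ValueError:
        # Assumption: a malformed value falls back to the default.
        return DEFAULT_TTL_MIN * 60
    return max(minutes, 0) * 60


class SessionStore:
    """Toy in-memory stand-in for the servlet container's session table."""

    def __init__(self):
        self._sessions = {}  # session id -> [ttl_seconds, last_access]

    def ttl_of(self, session_id):
        return self._sessions[session_id][0]

    def handle(self, now, headers, session_id=None, authenticated=False):
        """Process one request at time `now` (seconds); return (status, sid)."""
        entry = self._sessions.get(session_id)
        if entry is not None:
            ttl, last = entry
            if ttl > 0 and now - last > ttl:
                del self._sessions[session_id]  # idle too long: invalidate
                entry = None
        if entry is not None:
            # Established session: any Session-TTL header is ignored, so a
            # holder of the session id cannot extend the session lifetime.
            entry[1] = now
            return 200, session_id
        if not authenticated:
            return 401, None
        # Session initiation with credentials: the only point TTL is applied.
        sid = secrets.token_hex(16)
        self._sessions[sid] = [parse_ttl(headers.get("Session-TTL")), now]
        return 200, sid
```
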
*** Bug 926931 has been marked as a duplicate of this bug. ***
sf13
3.2 has been released