Sun Identity Manager 8.1 Business Administrator's Guide

During Use

To reduce security risks during use:

If your application server is Servlet 2.2-compliant, the Identity Manager installation process sets the HTTP session timeout to a default value of 30 minutes. You can change this value by editing the property; however, you should set the value lower to increase security. Do not set the value higher than 30 minutes.

ProcedureTo Change the Session Timeout Value

  1. Edit the web.xml file, which is located in theidm/WEB-INF directory in your application server directory tree.

  2. Change the number value in the following lines:

    <session-config>  <session-timeout>30</session-timeout></session-config>