Session (Sun GlassFish Web Space Server 10.0 Administration Guide)

Sun GlassFish Web Space Server 10.0 Administration Guide

Session

Session is a property in the portal.properties file, which is the default configuration file for Sun GlassFish Web Space Server. You can override this property using portal-ext.properties file.

Specify the number of minutes before a session expires. This value is always overridden by the value set in web.xml.

session.timeout=30

Specify the number of minutes before a warning is sent to the user informing the user of the session expiration. Specify 0 to disable any warnings.

session.timeout.warning=1

Set the auto-extend mode to true to avoid having to ask the user whether to extend the session or not. Instead it will be automatically extended. The purpose of this mode is to keep the session open as long as the user browser is open and with a portal page loaded. It is recommended to use this setting along with a smaller session.timeout, such as 5 minutes for better performance.

session.timeout.auto.extend=false

Set this to true if the user is redirected to the default page when the session expires.

session.timeout.redirect.on.expire=false

Portlets that have been configured to use private session attributes in liferay-portlet.xml may still want to share some session attributes. This property allows you to configure which session attributes will be shared. Set a comma-delimited list of attribute names that will be shared when the attribute name starts with one of the specified attribute names. For example, if you set the value to hello_, world_, then all attribute names that start with hello_ or world_ will be shared.

Note that this property is used to specify the sharing of session attributes from the portal to the portlet. This is not used to specify session sharing between portlet WARs or from the portlet to the portal.

session.shared.attributes=org.apache.struts.action.LOCALE,COMPANY_,USER_,LIF
ERAY_SHARED_

Set this to false to disable all persistent cookies. Features like automatically logging in will not work.

session.enable.persistent.cookies=true

The login process sets several cookies if persistent cookies are enabled. Set this property to set the domain of those cookies.

session.cookie.domain=

Set the following to true to invalidate the session when a user logs into the portal. This helps prevents phishing. Set this to false if you need the guest user and the authenticated user to have the same session.

session.enable.phishing.protection=true

Set the following to true to test whether users have cookie support before allowing them to sign in. This test will always fail if tck.url is set to true because that property disables session cookies.

session.test.cookie.support=true

Set the following to true to disable sessions. Doing this will use cookies to remember the user across requests. This is useful if you want to scale very large sites where the user may be sent to a different server for each request. The drawback to this approach is that you must not rely on the API for sessions provided by the servlet and portlet specs.

This feature is only available for Tomcat and requires that you set Tomcat's Manager class to com.liferay.support.tomcat.session.SessionLessManagerBase.

session.disabled=false

Input a list of comma-delimited class names that extend com.liferay.portal.struts.SessionAction. These classes will run at the specified event.

#
# Servlet session create event
#
servlet.session.create.events=com.liferay.portal.events.SessionCreateAction
#
# Servlet session destroy event
#
servlet.session.destroy.events=com.liferay.portal.events.SessionDestroy-
Action

Set the following to true to track user clicks in memory for the duration of a user's session. Setting this to true allows you to view all live sessions in the Admin portlet.

session.tracker.memory.enabled=true

Set the following to true to track user clicks in the database after a user's session is invalidated. Setting this to true allows you to generate usage reports from the database. Use this cautiously because this will store a lot of usage data.

session.tracker.persistence.enabled=false

Set the following to true to convert the tracked paths to friendly URLs.

session.tracker.friendly.paths.enabled=false

Provide a list of comma-delimited paths that should not be tracked.

session.tracker.ignore.paths=\
/portal/css_cached,\
/portal/javascript_cached,\
/portal/render_portlet,\
\
/document_library/get_file