Configuring idle timeout
You have two options for setting idle timeout in IG depending on your requirements:
- JwtSession - if you use this object to store sessions, you can specify how long they are valid for. This is not strictly an idle timeout, but may be sufficient for your needs.
- HTTP session - if you require true idle timeout functionality, then you must specify session timeout settings in the web application container.
If you are using the JwtSession object to store sessions, you can use the sessionTimeout property to specify how long sessions are valid for:
- Set the persistentCookie property to true to create persistent cookies.
- Set sessionTimeout to the period of time for which the JWT session is valid. Once this time period is exceeded, the cookie will expire.
See Configuration Reference › JwtSession for further information including valid duration settings for the sessionTimeout property.
If you want true session idle timeout, you need to set the <session-timeout> property in either the web application container configuration file (global setting) or in the web.xml file (located in the WEB-INF directory) for the IG web application; this setting overrides the global setting.
For example, to set the timeout to 60 minutes:<session-config> <session-timeout>60</session-timeout> </session-config>
The required global configuration file varies according to which container you use:
- Apache Tomcat™ - web.xml (located in the /path/to/tomcat/conf/ directory).
- Jetty® - webdefault.xml (located in the /path/to/jetty/etc/ directory).
- JBoss® - web.xml (located in the server/<profile>/deploy/jboss-web.deployer/conf/ directory).
There are no session expired triggers in IG that can automatically log you out of an associated application once the session expires. One possible solution would be to call the logout endpoint on the other application every time a user arrives at IG without a valid session; however, if this requires tokens or other values that IG won't have access to (because the user's session has expired or does not exist) then this will not be possible.
Related Issue Tracker IDs