Such question may arise because of the pop-up window that notifies you that your session
will expire soon and that you should confirm that you would like to continue your
work with the software, otherwise the session will be finished and you will be redirected to the login screen.
The goal of this feature is to detect if the user is still working with the software because each
active session requires amount of Java memory that is allocated to it, this is especially
important in the multi-tenant application which has hundreds of users. I think that the presence of this feature can be also explained with other important reasons but I’ve heard about the explanation above more frequently.
The default timeout in the application is set to 20 minutes.
The session timeout is configured in <JRS WAR>/WEB-INF/web.xml:
<session-config>
<!--Default to 20 minute session timeouts-->
<session-timeout>20</session-timeout>
</session-config>
Below I quote the relevant information regarding this feature
from JasperReports Server Administrator’s Guide:
8.3 Configuring the User Session Timeout
The user session timeout is the length of time a user’s session
can remain inactive before the server automatically logs the user out.
JasperReports Server displays a pop-up reminder that tells users that their
session is about to expire and gives them the chance to
continue without being logged out.
Note that the session timeout also applies to how long a session
remains in memory after a web services call finishes. If there is
another web service call with the same credentials within the
timeout period, the server reuses the same session.
If the timeout is too short for this case, you may have
performance issues caused by a high load of web service calls.
If the timeout is too long, a user session may stay active
for a long time (even indefinitely with a timeout of 0)if a
user leaves his browser open. The risk of allowing long sessions
is that the in-memory session is not updated with any role changes
until the user logs out manually (ending the session) and logs
in again (creating a new session).
Recommended Comments
There are no comments to display.