Jump to content
We've recently updated our Privacy Statement, available here ×

  • How to configure session timeout in JasperReports Server

    akonkin

    By akonkin

      • Features: JasperReports Server Product: JasperReports® Server
     Share

    Such question may arise because of the pop-up window that notifies you that your session


    will expire soon and that you should confirm that you would like to continue your


    work with the software, otherwise the session will be finished and you will be redirected to the login screen.


     


    The goal of this feature is to detect if the user is still working with the software because each


    active session requires amount of Java memory that is allocated to it, this is especially


    important in the multi-tenant application which has hundreds of users. I think that the presence of this feature can be also explained with other important reasons but I’ve heard about the  explanation above more frequently.


     


    The default timeout in the application is set to 20 minutes.


     


    The session timeout is configured in <JRS WAR>/WEB-INF/web.xml:


    <session-config>


    <!--Default to 20 minute session timeouts-->


    <session-timeout>20</session-timeout>


    </session-config>


     


    Below I quote the relevant information regarding this feature


    from JasperReports Server Administrator’s Guide:


    8.3 Configuring the User Session Timeout


     


    The user session timeout is the length of time a user’s session


    can remain inactive before the server automatically logs the user out.


    JasperReports Server displays a pop-up reminder that tells users that their


    session is about to expire and gives them the chance to


    continue without being logged out.


     


    Note that the session timeout also applies to how long a session


    remains in memory after a web services call finishes. If there is


    another web service call with the same credentials within the


    timeout period, the server reuses the same session.


    If the timeout is too short for this case, you may have


    performance issues caused by a high load of web service calls.


    If the timeout is too long, a user session may stay active


    for a long time (even indefinitely with a timeout of 0)if a


    user leaves his browser open. The risk of allowing long sessions


    is that the in-memory session is not updated with any role changes


    until the user logs out manually (ending the session) and logs


    in again (creating a new session).


     


     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore