Configuring general login and session settings

These settings have to do with aspects such as the session timeout or the way in which users can recover forgotten passwords.

Procedure

  1. Open the general.properties file with a text editor.
  2. Set the value of the absolute_session_timeout property.
    This property manages the timeout of any login session and its value is expressed in seconds. For example, absolute_session_timeout=1200 means that every login session lasts only 1200 seconds (20 minutes). You can disable this property by setting its value to 0 or by commenting it.
  3. Set the value of the session_timeout property.
    This property manages the timeout of idle login sessions and its value is expressed in seconds. For example session_timeout=1200 means that logged in users who do not perform any activity for 1200 seconds (20 minutes) are logged out automatically. You cannot disable this property. However, to make sure that sessions almost never expire, set its value to a very large number such as 18000 (five hours). If you set its value to 0, users cannot log in to WorldServer anymore. If you comment the property, the default value (7200) is applied.
  4. Set the value of the session_client_check property.
    When you set it to on, the session_client_check property ensures that a session can only be used by the same browser that created it. If a user copies the same URL and pastes it into another browser, the session is considered invalid and the user has to log in again. This applies to ws-legacy and WorldServer TransPort.

    As a security measure, in WorldServer 11.x, users always have to log in again if they copy the same valid URL into another browser. To enable the session_client_check property, your browser must accept cookies.

  5. Set the value of the ws.enforce.navigation.panel property.
    Enable the slide-out navigation pane by setting the value of the property to true or disable it by setting the value of the property to false. Also, you must specify the URL to the WorldServer 11 interface as the value of the navigation.panel.url property.
  6. Set the value of the forgot_password_link property. You have two options:
    • If you want users to recover their password by asking their WorldServer administrator through an email message, set the value to email_admin.
    • If you want users to reset their current password themselves, set the value to user_reset.
    If the property is commented out, the default value (email_admin) is used.
  7. Stop WorldServer and start it again.