Configuring general login and session settings
These settings have to do with aspects such as the session timeout or the way in which users can recover forgotten passwords.
Procedure
- Open the general.properties file with a text editor.
- Set the value of the
absolute_session_timeoutproperty.This property manages the timeout of any login session and its value is expressed in seconds. For example,absolute_session_timeout=1200means that every login session lasts only 1200 seconds (20 minutes). You can disable this property by setting its value to 0 or by commenting it.Important: If the value of theabsolute_session_timeoutproperty is positive, but lower than the value ofsession_timeout, the value ofsession_timeoutwill be used as absolute. For example, ifabsolute_session_timeout=7200andsession_timeout-7800, it is as if both were configured to7800. - Set the value of the
session_timeoutproperty.This property manages the timeout of idle login sessions and its value is expressed in seconds. For examplesession_timeout=1200means that logged in users who do not perform any activity for 1200 seconds (20 minutes) are logged out automatically. You cannot disable this property. However, to make sure that sessions almost never expire, set its value to a very large number such as 18000 (five hours). If you set its value to 0, users cannot log in to WorldServer anymore. If you comment the property, the default value (7200) is applied.Note: The session timeout value that you configure in the general.properties file should have the same value both in the ws-api and in the ws subfolders. - Set the value of the
session_client_checkproperty.When you set it to on, thesession_client_checkproperty ensures that a session can only be used by the same browser that created it. If a user copies the same URL and pastes it into another browser, the session is considered invalid and the user has to log in again. This applies to ws-legacy and WorldServer TransPort.Note: If you installed WorldServer through Tomcat, set thesession_client_checkproperty as follows:- To on in the %WS_CONFIG% and ws-legacy folders.
- To off in the ws-api folder.
As a security measure, in WorldServer 11.x, users always have to log in again if they copy the same valid URL into another browser. To enable the
session_client_checkproperty, your browser must accept cookies. - Set the value of the
ws.enforce.navigation.panelproperty.Enable the slide-out navigation pane by setting the value of the property to true or disable it by setting the value of the property to false. Also, you must specify the URL to the WorldServer 11 interface as the value of thenavigation.panel.urlproperty. - Set the value of the
forgot_password_linkproperty. You have two options:- If you want users to recover their password by asking their WorldServer administrator through an email message, set the value to email_admin.
- If you want users to reset their current password themselves, set the value to user_reset.
If the property is commented out, the default value (email_admin) is used. - Stop WorldServer and start it again.