Secure > Enhance site security


Enable login timeout

When the login timeout feature is enabled, a logged on cookie-based session that is inactive for an extended period, such as a Web or mobile storefront session, is logged off the system and requested to log back on. If the user subsequently logs on successfully, WebSphere Commerce runs the original request that was made by the user. If the user logon fails, the original request is discarded and the user remains logged off the system.


Procedure

  1. Define the LoginTimeoutErrorView and ReLogonFormView views for the store as described in Views for login timeout.

  2. Open the Configuration Manager.

  3. Traverse to the Login Timeout node for the instance as follows: WebSphere Commerce > node_name > Instance List > instance > Instance Properties > Login Timeout.

  4. To activate the login timeout feature, click the Enable check box.

  5. In the Value field, enter the login timeout value, in seconds. The login timeout value is stored in the WebSphere Commerce configuration file in milliseconds, while the value in the Configuration Manager is entered in seconds.

  6. Click Apply.

  7. Upon successfully updating the configuration for the instance, we will receive a message indicating a successful update.

  8. Restart the WebSphere Commerce instance.


Results

For web services sessions, including Management Center and Sales Center, the session uses a leasing concept and is stored in the WebSphere Commerce configuration file:

<ExpiryManagement
  ExpiryMgmtChannelId="-4"
  InactivityTimeout="15"
  Threshold="15"
  enable="true"
/>

Where:

InactivityTimeout

The lease time of the session in minutes. The session remains active within this time. In the sample configuration, for example, the lease time is 15 minutes.

Threshold

The allowable time in minutes to renew the lease. If a request comes in within this threshold time and after the lease time, the lease on the activity is renewed. In the sample configuration, for example, the threshold time is 15 minutes. Therefore, the activity remains active for 30 (15 + 15) minutes.

The InactivityTimeout parameter in the WebSphere Commerce configuration file relates to both Management Center and Sales Center. Therefore, the users of these tools are bound to the same timeout duration and cannot be separated. That is, you cannot set a timeout duration for Management Center that differs from that of Sales Center.


+

Search Tips   |   Advanced Search