Search code examples
xpageslotus-domino

XPages (Application Timeout vs Session Timeout) vs (Server Session Timeout)


I am finding it difficult to understand the difference/purpose of the following.

Edit 1: I was wrong here. It does get updated, just made a mistake between users, so ignore point "1" if anyone is reading this question.

  1. Server Session Timeout: I created a Web SSO configuration document and updated the same on the server document and after restarting the http server I do see the changes in session timeout ( say for eg. if I set it to 300 then the timeout is set to 5 hours. I see this using tell http show users command), however, the timeout is always set to login time plus "X" minutes, so if supposingly I am working on application on "X-1" minute, it would throw me out on "X th" minute, no matter what. How do I get this fixed?

  2. Application Timeout and Session Timeout: I change the same in xsp properties of the database/application, however, I don't see anything happening here except obviously the value is set when I get the same using javascript. So, what is the purpose?

Any suggestions/description would really be appreciated.


Solution

  • I'm not sure where you're looking for 2. It won't show in "show users" in HTTP, because it's a setting related to the XSP Command Manager, not HTTP itself.

    Application Timeout determines the length of time without a browser request before which applicationScope will be trashed.

    Session Timeout determines the length of time with a request from a specific browser before which that browser's sessionScope and the session's Component Trees will be trashed. Server Session Timeout has to be longer than session timeout.

    Server Session Timeout determines the timeout for a user's HTTP session. Here is a significant different. If you log out of HTTP but don't close the browser, the user will no longer be shown in a "show users" console command. Log back in as a different user, then a new Server Session Timeout will be created, but the pre-existing Session Timeout for that browser will be updated. That's because Session Timeout is for the browser, not the user.

    Close the browser and the sessionScope for that browser along with the component trees will remain, because just closing a browser doesn't pass a request to the server, so the server doesn't know the browser session has gone. The server can't know whether the user has closed the browser or just left it inactive. Set Session Timeout too long, and you can have a lot of sessionScopes/component trees hanging either in memory or on disk, depending on your setting. So best practice is to keep Session Timeout low but use a Keep Session Alive control.

    There's probably more in depth explanation in Mastering XPages 2nd Edition or XPages Portable Command Guide.