Changing the Session Timeout

CrafterCMS has configurable timeouts for session lifetime and session inactivity.

Session lifetime timeout is the amount of time a session is valid before requiring the user to re-authenticate.

Session inactivity timeout is the amount of time of user inactivity before requiring the user to re-authenticate.

In some cases, some operations in CrafterCMS may last longer than the user session inactivity timeout settings. For this scenario, the session inactivity timeout will need to be modified to allow the operation to finish without the session timing out. Also, you may want to change the timeouts from the default settings.

Here’s a summary of the session timeouts available in CrafterCMS:

Timeout Name

Default Value
(in minutes)

Description

sessionTimeout

480

Studio session lifetime timeout
Location:
CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

The amount of time a session is valid counting from when a user is logged in.
After this amount of time,a session timeout will be forced in the application layer even if the user is active.

inactivityTimeout

30

Studio session inactivity timeout
Location:
CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

The amount of time of user inactivity, tracked by Studio, before requiring the user to re-authenticate.
Remember to set the inactivityTimeout value less than the session-timeout value in the web.xml file.
The session inactivity time tracked by Studio is different from the session inactivity time tracked by Tomcat.
This is because there are some API calls that are not tracked as active by Studio.

session-timeout

30

Tomcat session timeout
Location:
CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/web.xml

The amount of time of user inactivity, tracked by Tomcat, before requiring the user to re-authenticate.
This value must be greater than or equal to inactivityTimeout since that timeout can and does kick in
before this one.

Change Session Lifetime Timeout

To change the session lifetime timeout, in your CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml, change the value for studio.security.sessionTimeout to desired amount of time the session is valid in minutes for users.

# Time in minutes after which active users will be required to login again
# studio.security.sessionTimeout: 480

Make sure to stop and restart Studio after making your changes.

Change Session Inactivity Timeout

There are two timeouts you can configure for the session inactivity timeout as described in the above table.

  • session-timeout in the Tomcat web.xml file This is the default Tomcat timeout for handling idle connections (inactive)

  • inactivityTimeout in the Studio override configuration file This is the Studio session inactivity timeout

To change the session inactivity timeout, follow the instructions below:

  1. In your CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml, change the value for studio.security.inactivityTimeout to set the amount of time in minutes the amount of time a user can be inactive before the user’s session times out.

    # Time in minutes after which inactive users will be required to login again
# studio.security.inactivityTimeout: 30

  2. In your CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/web.xml file, change the value in between the session-timeout tags to desired amount of time the session will exist in minutes:

    <session-config>
  <session-timeout>30</session-timeout>
  <tracking-mode>COOKIE</tracking-mode>
    </session-config>

Remember to keep the Studio session inactivity timeout inactivityTimeout from the studio-config-override.yaml file less than the Tomcat session-timeout from the CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/web.xml file.

Make sure to stop and restart Studio after making your changes.

You can also change the Studio session timeouts from the mainMenu Main Menu in Studio under Global Config