Quick question, I notice that when I login to Magnolia, and didn't touch my browser for some time, It will not auto logout. Is there a configuration for having the session timeout for the Magnolia login?
Thanks! :)
Assuming you are deploying Magnolia using Tomcat, then under
conf/web.xml
You will find the session timeout set to 30 minutes by default. There you may configure it.
<session-config>
<session-timeout>30</session-timeout>
</session-config>
Related
We want to secure our icCube installation, especially the WEB APP. We found that with Jetty we should be able to put the following in a web.xml:
<session-config>
<cookie-config>
<comment>__SAME_SITE_STRICT__</comment>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
How do wet set this in icCube? I don't see this file and wouldn't know where to place it.
There is no way to directly setup Jetty native configuration. For production setup, icCube is usually placed behind the company Web server and as such does not require much configuration.
Should you need to pass those parameters to Jetty, icCube would need add them to the icCube.xml. Please contact icCube support for this kind of request.
Hope that helps.
I made a web application using (JSF and JPA) and then deployed it to Glassfish Application Server.
It works fine, but when I leave the Application idle for a period of time, maybe one hour, and then trying to use the application, it throws exception said that (the requested view couldn't be restored).
And when reloading my application in Glassfish it works fine again, how can I solve this problem?
This is a ViewExpiredException and is fired when the state saving method is set to server(default) and you make a post request to the view which is not available in the session anymore.
One way to solve the problem is to redirect users to a particular page when this type of exception is thrown. You can configure an error page for this in web.xml.
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/errorpage.xhtml</location>
</error-page>
If I change (and upload) the web.config of an ASP.NET site, do existing users surfing the site lose their sessions?
Also, does the IIS server need to be reset?
If the session is in proc, then yes, they do loose their sessions.
If you are using a session server then no, they don't.
A new web.config would cause a restart of the site automaticlly, but should not require an IIS reset.
Modifying the web.config file will cause the application to restart an it is equivalent to recycling the application pool. If you are using InProc session management, then yes, all user sessions will be lost. No, an IIS reset is not needed.
I dislike it when I lose the session state of my ASP.NET web app when changing code.
Losing the session state means I have to log in over and over again. It's annoying.
Is there anyway I can reconfigure my app so that I can make changes to code and not have to re-authenticate to view those changes?
(I know that changing .ASPX files does this fine. My concern is over App_Code and Bin compiled code.)
Unfortunately changes in the web.config or in dll's in the bin folder will cause an application reload and there is nothing you can do about it, AFAIK.
I wonder what will happen if you will store session state in StateServer. Maybe it will work ( I will be surprised if it does).
If you are in a developer environment you can try disabling logging into the site, or when the site checks for authentication just return your default authentication. For production, a StateServer will help as Igal pointed out.
One last option, store the login information in Session, but as a backup to that use a login table in your database to be able to restore a user's authentication status from a cookie. Obviously, consider security implications.
By changing your StateServer to use your machine (enabling the ASP.NET State Service), you won't lose your login.
If I add "trace=true" into my directive on an asp.net 2.0 .aspx page, will it recycle my application pool?
I know if I enable tracing in web.config that will recycle the application pool.
The webserver is IIS 6.0.
Thanks.
I'm not 100% sure but it shouldn't. Any change to a web.config file would cause an app pool reset, but a page level change shouldn't even in the directive.
Check out the section "Why does an application domain recycle?" in this link
Technically if it's the 15th re-compile it could cause a reset... but other than that no.
I believe it will just trigger a recompile of that page. Editing of an aspx file is not a trigger for an application restart.
Why not test it out and see?
Ok - I just tried it out on a testing server - adding in the "trace=true" directive on the page level did NOT recycle the application pool.
It won't. the app pool only recycles when a dll is changed in the Bin directory or if the web.config file is changed. If you are concerned about loosing your session info as that is what the question seems to me to be more related to then you can use the asp.net session state provider and that way your app pool can recycle as many times as it likes without you loosing your session.