Configure the release session

Release timeout

In Release, you can configure the time that a user can remain logged in without using the GUI. After this timeout, the user will be logged out.

The timeout only applies during one browser session. If the user closes the browser, Release automatically logs the user out.

To configure the timeout:

  1. Open <XL_RELEASE_SERVER_HOME>/conf/xl-release-server.conf.
  2. Locate the client.session.timeout.minutes setting.
  3. Change it to the number of minutes Release should wait before logging the user out. The default value of 0 means that no timeout is configured.
  4. Save the file.
  5. Restart the Release server.

Important: If the client.session.timeout.minutes value is set to 0, and a user session is inactive for more than 30 days, it will be automatically purge from the session database if session storage is enabled.

Configure release session

Configuring the session storage settings

In Release, you can configure the session storage to enable clustered sessions without being tied to an application container. The session data will be stored in the database.

To configure the session storage settings:

  1. Add the xl, server and session properties to the XL_RELEASE_SERVER_HOME/conf/xl-release.conf configuration file.
  2. In the session property, add an additional storage property. This property identifies the predefined session storage configuration you wish to use. The supported values are:

    Parameter Description
    enabled Whether to enable session storage. Default is true.
    cleanup-cron Cron expression to cleanup expired session data on regular intervals. Default is “0 0/5 * * * *”

Sample session storage settings

xl {
    server {
        session {
            storage {
                enabled = true
                cleanup-cron = "0 0/5 * * * *"
            }
        }
    }
}

Make sure to add the snippet above to all of the cluster nodes.

Add the following properties to the xl-release-server.conf file in order to configure session timeout and the remember-me cookie:

client.session.timeout.minutes=20
client.session.remember.enabled=true

Configure number of allowed concurrent sessions

Add a configuration parameter to restrict maximum number of concurrent sessions.

xl {
  server {
    session {
      maximumSessions = -1 // -1 to allow unlimited logins, or a positive integer to specify a maximum
      exceptionIfMaximumExceeded = false // false to forcibly logged out the user that has already authenticated. true to throw an exception and prevent user to login.
      storage {...}
    }
  }
}