Service Desk Session Timeout - Container-Based Session Timeout

  • 7012230
  • 01-Sep-2004
  • 26-Jul-2021

Environment

Novell Service Desk
Service Desk v8.x

Situation

What is the difference between a servlet container's session timeout value and Service Desk's own internal session timeout value. This also explains how to configure the two to work in harmony with each other.


Resolution

Service Desk includes an internal session timeout setting which can be configured by the administrator in the Setup > Privileges > System | General Settings area (Session Timeout).
All open sessions are automatically terminated after a period of inactivity that matches the specified interval.

In addition to this, servlet containers that comply with Sun's* Java* Servlet Specification** version 2.3 and higher include their own session termination functionality.

Within such a servlet container, session timeout values are configured on a servlet-by-servlet basis. Each servlet defines its own session timeout value in its deployment descriptor file (located in the servlet's WEB-INF folder and usually named web.xml). Inside the deployment descriptor file, the timeout value is specified in minutes inside a session-timeout tag which in turn is wrapped in a session-config tag.

To specify Novell Service Desk's container-based session timeout value, open the following file in a text editor:

 Novell Service Desk_DEPLOYMENT_DIRECTORY\Server\webapps\LiveTime\WEB-INF\web.xml

Under Apache Tomcat, the Novell Service Desk_DEPLOYMENT_DIRECTORY is located at:

 /TOMCAT_HOME/webapps/Novell Service Desk

 Look for the following lines (insert them if they aren't already present):
<session-config>
<session-timeout>30</session-timeout>
</session-config>
 
In this example, the session timeout value is set to 30 minutes. 

It is recommended that the the container-based session timeout value be configured to MATCH the value specified in the Setup > Privileges > System area. If the container-based session timeout value is less than the value specified in the Setup > Privileges > System area, the container will cut sessions short. If the container-based value is greater than the system's value, the container's sessions will linger and continue to tie up server resources for longer than is necessary.

Note: Although the servlet specification allows the use of 'never-ending' sessions by setting the container's session timeout value to a number less than or equal to zero, it is not recommended.
 

Additional Information

Formerly known as 1000029