|
|
(One intermediate revision by one other user not shown) |
Line 1: |
Line 1: |
| == Session Handling Configuration Options == | | The content on this page has moved to https://documentation.open-xchange.com/components/middleware/config/7.10.3/#mode=tags&tag=Session |
|
| |
|
| === server.properties ===
| | Note: Open-Xchange is in the process of migrating all its technical documentation to a new and improved documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. Thank you for your understanding during this period of transition. |
| | |
| ==== com.openexchange.IPCheck ====
| |
| | |
| The IPCheck enforces that a request in a certain session is only accepted if it comes from the same ip address that created the session. See [[OXSessionSecurityFeatures]]. Can be '''true''' or '''false'''
| |
| | |
| ==== com.openexchange.UIWebPath ====
| |
| | |
| The UIWebPath contains the location of the OX frontend. If a [[OXSessionFormlogin|formlogin]] doesn't supply a ui web path, this one will be used instead.
| |
| | |
| ==== com.openexchange.cookie.ttl ====
| |
| | |
| The time it takes for the secret and session cookies to expire. This should be the same length as '''com.openexchange.sessiond.sessionLongLifeTime'''. See also [[OXSessionAutologin]]. This value is a number followed by a unit of measurement. 1W for example meaning one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes).
| |
| | |
| ==== com.openexchange.cookie.httpOnly ====
| |
| | |
| Whether or not the HttpOnly option should be added to cookies. This option asks the browser to disallow access to the cookies from javascript code running in the browser. See also [[OXSessionSecurityFeatures]]. Can be '''true''' or '''false'''.
| |
| | |
| ==== com.openexchange.cookie.hash ====
| |
| | |
| Whether the cookie hash is '''calculated''' on every request, forcing the client fingerprint to be checked or whether it is '''remember'''ed in the session. See also [[OXSessionSecurityFeatures]].
| |
| | |
| ==== com.openexchange.cookie.hash.fields ====
| |
| | |
| A comma-separated list of header names that should be included in the cookie hash calculation. See also [[OXSessionSecurityFeatures]].
| |
| | |
| === sessiond.properties ===
| |
| | |
| === com.openexchange.sessiond.maxSession ===
| |
| | |
| The maximum number of sessions served by this OX node. After this number of sessions is created, no new sessions can be created until old ones are closed. You'll probably want to increase this as the session lifetime is increased. 0 meaning no session limit is in effect.
| |
| | |
| === com.openexchange.sessiond.maxSessionPerUser ===
| |
| | |
| The maximum number of sessions that one use can have open simultaneously. A user can not create any more sessions if this number has been exceeded. You'll probably want to increase this as the session lifetime is increased.
| |
| | |
| === com.openexchange.sessiond.sessionDefaultLifeTime ===
| |
| | |
| The number of milliseconds after which an inactive session is placed in hibernation. See also [[OXSessionLifecycle]].
| |
| | |
| === com.openexchange.sessiond.sessionLongLifeTime ===
| |
| | |
| The duration for which a session is kept in hibernation before finally closing it. This is a number and a unit, so 1W for example, means one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes). This value shouldn't be larger than '''com.openexchange.cookie.ttl'''. See also [[OXSessionLifecycle]]
| |
| | |
| === com.openexchange.sessiond.autologin ===
| |
| | |
| Whether an autologin is enabled or not. Can be '''true''' or '''false'''. See also [[OXSessionAutologin]].
| |
| | |
| == login.properties ==
| |
| | |
| === com.openexchange.ajax.login.errorPageTemplate ===
| |
| | |
| Points to a file containing a template for login error pages after a [[OXSessionFormlogin|formlogin]].
| |