OXSessionAutologin: Difference between revisions

From Open-Xchange
== OX Autologin ==

Autologin allows a user to reclaim a session when she reloads the browser window or, after closing the browser, later returns to the OX frontend. On this page we'll look at two scenarios:
 
# Disable Autologin
# The full monty, session recovery even after a good night's sleep
 
=== Disabling Autologin ===
 
Allowing autologin has security implications: anyone with access to a browser that holds the data needed to revive a session can enter that session. Therefore we offer OX administrators the option to turn off the autologin feature completely. To do that, open the configuration file '''/opt/openexchange/etc/groupware/sessiond.properties''', look for '''com.openexchange.sessiond.autologin''' and set it to false:
 
 com.openexchange.sessiond.autologin=false
 
But allowing users to re-enter their session is a nice feature, so let's go on to
 
=== Enabling Long Running Sessions with Autologin ===
 
The default OX6 configuration sets the system up for long-running sessions that can be recovered. Which configuration options make this happen? Glad you asked. Let's first look at the file '''sessiond.properties''':
 
 #
 # sessiond.properties
 #
 # Maximum value in milliseconds a session is allowed to be kept without request. After this time the session is put into the long life time
 # container and all temporary session data is removed.
 com.openexchange.sessiond.sessionDefaultLifeTime=3600000
 # This amount of time a session can life in the long life time container. The session can be restored from here but it won't have any
 # temporary session data anymore. Restoring temporary session data may cause some slower functionality and maybe temporary errors on image,
 # proxy data or the like. Can contain units of measurement: D(=days) W(=weeks) H(=hours) M(=minutes).
 com.openexchange.sessiond.sessionLongLifeTime=1W
 # Whether autologin is allowed or not
 com.openexchange.sessiond.autologin=true
 
 
If you recall the [[OXSessionLifecycle|lifecycle]] of an OX session, you'll remember that sessions are put into hibernation after some time has elapsed. This time is the value of '''com.openexchange.sessiond.sessionDefaultLifeTime''', in milliseconds. So in this case, a session is put into hibernation after one hour of not having been used. The session then remains in hibernation, and can be reactivated, for the duration of '''com.openexchange.sessiond.sessionLongLifeTime''', in this case one week. Note, though, that this session recovery only works if the IP address of the client computer hasn't changed in the meantime. This usually means that laptops won't have their sessions reactivated, but a desktop computer might conceivably never have to log in again if the user doesn't stay away from the OX frontend for more than one week. Finally, we have to enable autologin, so '''com.openexchange.sessiond.autologin''' is set to '''true'''.
 
So far so good. Now that we have made sure the OX Server remembers the session sufficiently long, we have to ensure that the user's browser remembers its cookies long enough, as the autologin data is saved in the browser cookies (see [[OXSessionLifecycle]]). So, let's open up the file '''server.properties'''.
 
  com.openexchange.cookie.ttl=1W
 
This configuration option governs the cookie expiry date. This should usually be the same as '''com.openexchange.sessiond.sessionLongLifeTime'''.
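
An added example, not part of the original wiki page or of Open-Xchange's code: a small Python check that reads the two property files discussed above, reports whether autologin is enabled, and flags a '''com.openexchange.cookie.ttl''' that differs from '''com.openexchange.sessiond.sessionLongLifeTime'''. It assumes that a bare number means milliseconds and that unit suffixes may be concatenated (such as 2D12H); the sample input is constructed from the values shown on this page.

```python
import re

# Unit suffixes listed in the sessiond.properties comment, in milliseconds.
UNIT_MS = {"M": 60_000, "H": 3_600_000, "D": 86_400_000, "W": 604_800_000}

def parse_props(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def to_ms(value):
    """Convert '3600000' (assumed to be ms) or '1W' / '2D12H' to milliseconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([DWHM])", value.upper())
    # Reject anything that is not entirely made of <number><unit> tokens.
    if not parts or "".join(n + u for n, u in parts) != value.upper():
        raise ValueError(f"unrecognised duration: {value!r}")
    return sum(int(n) * UNIT_MS[u] for n, u in parts)

def audit(sessiond_text, server_text):
    """Return a list of findings for the autologin-related settings."""
    sessiond, server = parse_props(sessiond_text), parse_props(server_text)
    # Assumption: a missing autologin key is reported the same as 'false'.
    if sessiond.get("com.openexchange.sessiond.autologin", "").lower() != "true":
        return ["autologin disabled: sessions cannot be reclaimed from the browser"]
    long_ms = to_ms(sessiond["com.openexchange.sessiond.sessionLongLifeTime"])
    ttl_ms = to_ms(server["com.openexchange.cookie.ttl"])
    findings = [f"autologin enabled: long life time is {long_ms // 3_600_000} h"]
    if ttl_ms > long_ms:
        findings.append("cookie.ttl exceeds sessionLongLifeTime: cookie outlives the session")
    elif ttl_ms < long_ms:
        findings.append("cookie.ttl below sessionLongLifeTime: autologin ends when the cookie expires")
    return findings

# Constructed sample input; cookie.ttl is deliberately set longer than on this page.
SESSIOND = """com.openexchange.sessiond.sessionDefaultLifeTime=3600000
com.openexchange.sessiond.sessionLongLifeTime=1W
com.openexchange.sessiond.autologin=true"""
SERVER = "com.openexchange.cookie.ttl=2W"

if __name__ == "__main__":
    print("\n".join(audit(SESSIOND, SERVER)))
```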

Latest revision as of 10:56, 18 November 2019

The content on this page has moved to https://documentation.open-xchange.com/7.10.3/middleware/login_and_sessions/session_lifecycle.html

Note: Open-Xchange is in the process of migrating all its technical documentation to a new and improved documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. Thank you for your understanding during this period of transition.