OXSessionConfigurationOverview
Session Handling Configuration Options
server.properties
com.openexchange.IPCheck
The IPCheck enforces that a request in a certain session is only accepted if it comes from the same ip address that created the session. See OXSessionSecurityFeatures. Can be true or false
com.openexchange.UIWebPath
The UIWebPath contains the location of the OX frontend. If a formlogin doesn't supply a ui web path, this one will be used instead.
com.openexchange.cookie.ttl
The time it takes for the secret and session cookies to expire. This should be the same length as com.openexchange.sessiond.sessionLongLifeTime. See also OXSessionAutologin. This value is a number followed by a unit of measurement. 1W for example meaning one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes).
com.openexchange.cookie.httpOnly
Whether or not the HttpOnly option should be added to cookies. This option asks the browser to disallow access to the cookies from javascript code running in the browser. See also OXSessionSecurityFeatures. Can be true or false.
com.openexchange.cookie.hash
Whether the cookie hash is calculated on every request, forcing the client fingerprint to be checked or whether it is remembered in the session. See also OXSessionSecurityFeatures.
com.openexchange.cookie.hash.fields
A comma-separated list of header names that should be included in the cookie hash calculation. See also OXSessionSecurityFeatures.
sessiond.properties
com.openexchange.sessiond.maxSession
The maximum number of sessions served by this OX node. After this number of sessions is created, no new sessions can be created until old ones are closed. You'll probably want to increase this as the session lifetime is increased. 0 meaning no session limit is in effect.
com.openexchange.sessiond.maxSessionPerUser
The maximum number of sessions that one use can have open simultaneously. A user can not create any more sessions if this number has been exceeded. You'll probably want to increase this as the session lifetime is increased.
com.openexchange.sessiond.sessionDefaultLifeTime
The number of milliseconds after which an inactive session is placed in hibernation. See also OXSessionLifecycle.
com.openexchange.sessiond.sessionLongLifeTime
The duration for which a session is kept in hibernation before finally closing it. This is a number and a unit, so 1W for example, means one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes). This value shouldn't be larger than com.openexchange.cookie.ttl. See also OXSessionLifecycle
com.openexchange.sessiond.autologin
Whether an autologin is enabled or not. Can be true or false. See also OXSessionAutologin.
login.properties
com.openexchange.ajax.login.errorPageTemplate
Points to a file containing a template for login error pages after a formlogin.