Configure Active Logout
Introduction
Goal
Configure the maximum time a user may be inactive before being automatically logged out of the CMS or Console web application.
Background
The CMS and Console applications automatically log out users who have not been active for a configurable period. This 'maximum inactive' time defaults to 30 minutes. Lingering sessions are thereby closed automatically, which improves security.
What is User Activity?
User activity is currently defined as 'Ajax interaction with the backend'. Clicking an element in the UI and/or saving data will almost always trigger Ajax interaction.
Two Ajax interactions are currently excluded:
- the pinger that pulls in changes from concurrent sessions every 20 seconds
- the 'live updates' of the Realtime tab in the Content audiences application (available in the Relevance module)
Configure the Maximum Inactive Interval
The maximum inactive interval of an application is always specified in minutes and can be changed by adjusting the value of the following properties in the Console:
- CMS:
/hippo:configuration/hippo:frontend/cms/cms-static/root/max.inactive.interval.minutes
- Console:
/hippo:configuration/hippo:frontend/console/console/root/max.inactive.interval.minutes
Disable Active Logout
A value of 0 disables the active logout: users will then stay logged in as long as the browser window for that application remains open and active.
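The inactivity rule described above, modelled as an added JavaScript example. It is not the ActiveLogoutPlugin source, and the request kinds, function names and trace are constructed for illustration. It shows why the pinger has to be excluded: if it counted as activity, an open tab would never reach the limit.

```javascript
// Added illustration of the rule on this page; not the product's code.
// Request kinds ('click', 'save', 'pinger', 'live-update') are hypothetical labels.
const EXCLUDED_KINDS = new Set(['pinger', 'live-update']);

/**
 * requests: Ajax requests as {t, kind}, t in seconds since login, sorted by t.
 * maxInactiveMinutes: the value of max.inactive.interval.minutes.
 * Returns the second at which the user is logged out if nothing else
 * happens after the trace, or null when active logout is disabled.
 */
function logoutTime(requests, maxInactiveMinutes, excluded = EXCLUDED_KINDS) {
  if (maxInactiveMinutes === 0) return null; // 0 disables active logout
  const limit = maxInactiveMinutes * 60;     // property is in minutes
  let lastActivity = 0;                      // login counts as activity
  for (const { t, kind } of requests) {
    if (t - lastActivity >= limit) break;    // already logged out before this request
    if (!excluded.has(kind)) lastActivity = t;
  }
  return lastActivity + limit;
}

// Constructed trace: the user clicks at 60 s, saves at 300 s, then leaves the
// tab open for two hours while the pinger keeps firing every 20 seconds.
function sampleTrace() {
  const trace = [{ t: 60, kind: 'click' }, { t: 300, kind: 'save' }];
  for (let t = 20; t <= 7200; t += 20) trace.push({ t, kind: 'pinger' });
  return trace.sort((a, b) => a.t - b.t);
}

const trace = sampleTrace();
console.log('default 30 min, pinger excluded:', logoutTime(trace, 30));
console.log('30 min, if the pinger counted:  ', logoutTime(trace, 30, new Set()));
console.log('interval set to 0:              ', logoutTime(trace, 0));
```

With the pinger excluded, the session ends 30 minutes after the last save; in the counterfactual where the pinger counts, the session is still alive at the end of the two-hour trace.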
For Developers
Active logout is disabled entirely when the application is run in Wicket development mode.
To check whether active logout is enabled or not, set the log level of org.hippoecm.frontend.plugins.cms.logout.ActiveLogoutPlugin to INFO.