Session Information in Active Session Table

Bharath Kumar shared this question 4 months ago
Answered

Hello Team,

I would like to know how the session information stores and clears in Active Session Table.

I did some tests which I attached.

When user closes the browsers instead of logging out, the session remains idle in Active Session Table. I did tomcat restart, but it did not remove the session from the table. How can we manage we manage active session table as we are using this data in reports.

Regards,

Bharath

Comments (11)

photo
1

Hi Bharath,

I'll look into this and get back to you with an answer shortly.

Kind regards,

Chris

photo
1

Thanks Chris

photo
1

Hi Bharath,

Having done some testing myself, I can't get the behaviour of duplicate sessions in the table like you did with Gemma in your example. At the end of your testing, if she then logged back in, would that again create the two entries in the table?

As far as clearing the table goes, it appears to store all active sessions in the table after stopping the service. It's then cleaned up on the next run.

Kind regards,

Chris

photo
1

Hi Chris,

Yes, thats correct. The duplicate sessions are not created in 8.0, but they are in 7.3. In 7.3 20180801 build, I see 2 entries for the same user.

When does it clears the sessions from the table? Restarting the service is not cleaning the sessions?

We are using this data in one of the Audit report, so I want to know when and how the sessions are cleared from this table?

Regards,

Bharath

photo
1

Hi Chris,

Any update? Can you confirm if this was a defect in older versions?

And how the sessions are cleared from the table when user quits the browser?

Regards,

Bharath

photo
1

Hi Bharath,

Yes this appears to be fixed in new builds of 7.4 as I can't replicate the outcome in my testing. I'd recommend an upgrade.

Sessions are timed out after 30 minutes, by default. You can change that in the web.xml file under the /conf/ folder. Look for the line:

<session-config>

<session-timeout>30</session-timeout>

</session-config>

Hope that helps!

Kind regards,

Chris

photo
1

Hi Chris,

Do you have any defect ID for issue on 7.3 and 7.4 version?

Regards,

Bharath

photo
1

Hi Bharath,

I'm trying to pin that down as it might have been a side effect of fixing a security issue with session IDs persisting after closing the browser window.

Just to confirm, do you have Quicklogon enabled?

Kind regards,

Chris

photo
1

Hi Chris,

What do you mean by quicklogon?

-Bharath

photo
1

Hi Bharath,

Apologies, quickLogon is a hidden config option and for most colleagues it's enabled by default.

It's the feature that shows this page:

d14743de3bc4cac083bd1d80d7f69e33

and remains as long as the browser holds the cookie with the session info in the cache.

Kind regards,

Chris

photo
1

Hi Bharath,


I hope things are going well over there.


Just wanted to let you know I'll be closing this request due to inactivity. However, if you ever wanted to re-visit this or have anything else I can help you with, please let me know.


Kind regards,

Chris