Closing a JaloSession

https://help.sap.com/viewer/d0224eca81e249cb821f2cdf45a82ace/1808/en-US/8c005cde86691014a49ce1de22f3897f.html

Closing a JaloSession makes it invalid. SAP Commerce does not allow users or CronJobs to use closed JaloSessions. If a user tries to log into SAP Commerce, such as a shop application, SAP Commerce creates a new JaloSession for the login process. There are two reasons to close JaloSessions:
  • Security

    Closing JaloSessions prevents "taking over" existing JaloSessions.

  • Performance

    Keeping the number of active JaloSessions down to a minimum reduces load on the SAP Commerce server.

There are two approaches to closing a JaloSession:
  • Automatically via a session timeout

    The JaloSession's timeout attribute specifies the expiration of the JaloSession in seconds. For many practical purposes, letting the JaloSessions time out automatically will do.

    The default timeout value is specified by the default.session.timeout property in the SAP Commerce project.properties file (please refer to Configuring the Behavior of SAP Commerce for additional details). The default.session.timeout property defaults to 3600 (specified in seconds). Specifying a non-positive value for the timeout attribute of a JaloSession disables the timeout, as in the following code snippets. CronJobs, for example, are a common use case for a JaloSession without a timeout.

    • Timeout of ten seconds:

      JaloSession.getCurrentSession().setTimeout( 10 );

    • No timeout:

      JaloSession.getCurrentSession().setTimeout( 0 );

    • No timeout:

      JaloSession.getCurrentSession().setTimeout( -1 );

    Setting Session Timeout for Specific Web Applications

    It is also possible to configure session timeout per web application. Just set the following property to a non-negative number in the local.properties file:
    [extension].session.timeout=1500
    Values lower than 0 are ignored and the default.session.timeout value is used instead. 0 means that the session will never time out. For example, to set the Administration Console session timeout to 1000 seconds, add the following property to local.properties:
    hac.session.timeout=1000

    Restart the server for your changes to take effect.

  • Manually and immediately

    By calling the JaloSession class's close() method, the JaloSession is invalidated outright, as in

    JaloSession.getCurrentSession().close();

    Calling this method is useful if the JaloSession needs to be invalidated right away, such as during a logout. Do not call this method if you need to use the JaloSession later on.
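
The timeout rules above can be checked against a properties file. This is an added example, not part of the original documentation: a Python check that resolves the effective timeout per web application as described and flags sessions that never expire or outlive a chosen limit. The sample properties, the extension names other than hac, the simplified parser and the 3600-second limit are assumptions.

```python
import re

DEFAULT_KEY = "default.session.timeout"
PLATFORM_DEFAULT = 3600  # default the page gives for default.session.timeout

def parse_properties(text):
    """Minimal key=value parser (no continuations or escapes); last definition wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def effective_timeouts(props):
    """Map each scope to its timeout in seconds, or None if the session never expires."""
    default = int(props.get(DEFAULT_KEY, PLATFORM_DEFAULT))
    # Assumption: a non-positive default disables the timeout, as for the timeout attribute.
    result = {"default": default if default > 0 else None}
    for key, value in props.items():
        m = re.fullmatch(r"(\w+)\.session\.timeout", key)
        if not m or key == DEFAULT_KEY:
            continue
        seconds = int(value)
        # < 0 is ignored (the default applies); 0 means the session never times out.
        result[m.group(1)] = result["default"] if seconds < 0 else (seconds or None)
    return result

def audit(text, max_seconds=3600):
    """Return (scope, reason) findings; max_seconds is a policy limit assumed here."""
    findings = []
    for scope, seconds in sorted(effective_timeouts(parse_properties(text)).items()):
        if seconds is None:
            findings.append((scope, "never expires"))
        elif seconds > max_seconds:
            findings.append((scope, f"{seconds}s exceeds {max_seconds}s"))
    return findings

# Constructed sample local.properties content, not taken from a real installation.
SAMPLE = """
# session settings
default.session.timeout=7200
hac.session.timeout=1000
backoffice.session.timeout=0
storefront.session.timeout=-1
"""
```

For the constructed sample, `audit(SAMPLE)` reports backoffice as never expiring, and both the default and storefront (which falls back to the default) as exceeding the limit.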
