Magnolia comes with a default session timeout. However, you can configure this to meet your requirements.
The session timeout defines the allowed time of inactivity after which the user must login again. The session timeout for the Magnolia AdminCentral is bound to the session timeout of the underlying servlet container. The inactivity itself is measured from the last request to the server.
- The default timeout is
If you’re running Magnolia locally, you can typically find this file at
./apache-tomcat/conf/web.xml. For instance, on a Tomcat server, the session timeout is configured per web application in the
web.xml as shown below.
|For more in-depth information on Vaadin session timeouts, see the Vaadin docs.|
<session-timeout>to your desired duration.apache-tomcat/conf/web.xml
<session-config> <session-timeout>30</session-timeout> (1) </session-config>
1 The session timeout in minutes.
If you are using an Identity Provider for SSO, you’ll need to ensure that the