Thursday 29 October 2015

SESSION TIMEOUT - WebLogic Server

This topic explains about setting of session timeout for JAS Server for WebLogic server
Session timeout is a crucial setting. Setting the timeout value more than 30 minutes may cause high memory usage and out of memory error. Following setting is for 30 minutes timeout

1 Session Timeout Settings for Oracle WebLogic Server (WLS)

The web.xml file is missing the session-timeout descriptors.  The session defaults to 1 hour.
  1. Locate the two web.xml files for the weblogic installation as given below:
>> web.xml in the Server Manager Agent installation directory on the JAS Server:
......targets/webinstance name/owl_deployment/webclient.ear/app/webclient.war/WEB-INF/web.xml

>> web.xml in the Weblogic installation directory:
......user_projects/domains/.../servers/machine name/stage/webinstance name/app/webclient.war/WEB-INF/web.xml
  1. Make a backup of the above two web.xml files. Add the following stanza at the end (right before </web-app>) of both these web.xml files:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
  1. Bounce the web instance once.

Additionally, the E1 parameter that comes into play is the UserSession in the JAS.INI file:
[CACHE]
UserSession=1800000
  • UserSession=1800000 this value is equivalent to 30 minutes.
  • This will expire the JDE user session after 20 minutes of inactivity despite a higher setting in the Weblogic XML files.
  • NOTE: The UserSession inactivity is checked in fixed intervals set by the variable cachecheck from the same section in JAS.INI. This means that if the UserSession is 30min and cachecheck 5min, the session will actually be expired at any time between the 30min and 34min59sec, this means the first time the cachecheck runs after the idletimeout is exceeded.

Here is additional information on timeouts:
  • The user session for WebLogic needs to timeout before the user session for JAS.  For instance, if the user sessions for WebLogic are set to timeout after 60 minutes of inactivity, then the user sessions for JAS needs be set to timeout to somewhat more than 60 minutes (like 70 minutes).

  • If the timeout is set to 60 minutes, the user’s session will be cleaned up (removed) the next time a cachecheck task is executed and the session has 60+ minutes of INACTIVITY, hence upon clicking any application users are taken to the login page for a new session to be created (this is how it will work). Note: If the cachecheck interval is 10min, the session idle time could go from 60min to 59min59sec before it's expired.
  • The UserSession will only be active for as much time as mentioned in the JAS.INI file or the WLS session timeout value whichever is LOWER. Note: the UserSession must also take into account the variability of the expiration time depending on the cachecheck intervals.
  • If the session needs to be active for upto/beyond 2 hours it is necessary to increase this to 2 hours (120 minutes) in both the WLS session timeout settings and the JAS.INI file and bounce the JAS Server for the setting to take effect.
NOTE:
The DOWNSIDE of this extensive timeout value is that the user session will be kept in memory for a longer time which in turn the JVM will support fewer sessions.  If more sessions get created (more users login) and remain in memory for a longer time there is a chance that an OutOfMemory condition will be reached.  Consider fewer users per (JVM) JAS instance if user sessions are going to be "alive" for a longer time.  Oracle Support recommends a timeout value of 30 minutes with 60 minutes being the high end.

1 comment: