Skip to content

OBPIH-6784 Set a more lenient session timeout#4918

Merged
ewaterman merged 3 commits intodevelopfrom
ft/OBPIH-6784-session-timeout-update
Nov 6, 2024
Merged

OBPIH-6784 Set a more lenient session timeout#4918
ewaterman merged 3 commits intodevelopfrom
ft/OBPIH-6784-session-timeout-update

Conversation

@ewaterman
Copy link
Member

@ewaterman ewaterman commented Oct 28, 2024

✨ Description of Change

A concise summary of what is being changed. Please provide enough context for reviewers to be able to understand the change and why it is necessary. If the issue/ticket already provides enough information, you can put "See ticket" as the description.

Link to GitHub issue or Jira ticket: https://pihemr.atlassian.net/browse/OBPIH-6784

Description:

  1. We're changing our session timeout from 1 to 2 hours.
  2. Configure a custom timeout for non-embedded server deploys (ie when deploying to an external Tomcat Servlet). The config in application.yml only applies to embedded servers. the web.xml file works for external Tomcat deploys. now also applies to external deploys thanks to the CustomHttpSessionListener InitializationInterceptor

@ewaterman ewaterman self-assigned this Oct 28, 2024
@github-actions github-actions bot added type: feature A new piece of functionality for the app flag: config change Hilights a pull request that contains a change to the app config labels Oct 28, 2024
@ewaterman
Copy link
Member Author

I'd like to deploy this branch to an environment so that we can test that the setting is actually being applied.

"server.session.timeout" (or "server.servlet.session.timeout" in SpringBoot 2+) is the matching
setting in application.yml.
-->
<session-timeout>120</session-timeout>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this configurable in any way when the app is deployed and hosted through tomcat?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A good question. I'm not sure honestly

@github-actions github-actions bot added the domain: backend Changes or discussions relating to the backend server label Oct 31, 2024
int order = HIGHEST_PRECEDENCE

public InitializationInterceptor() {
InitializationInterceptor() {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realized that we already had this class for building the user session so I switched to use it instead in an attempt to keep our code in one place.

I also cleaned up the code slightly by moving things into methods, adding comments, and accessing properties via @value instead. None of the logic is changed.

@ewaterman
Copy link
Member Author

I've tested this on obdev5 and it looks like it's working!

Non-logged in users (ie people who just go to the login page) will still use the 30min timeout (I did this by choice because we don't need a huge TTL for people who haven't even bothered logging in) but once you log in, it switches to 2h.

Screenshot from 2024-11-01 10-34-53

@ewaterman ewaterman merged commit 43a396e into develop Nov 6, 2024
@ewaterman ewaterman deleted the ft/OBPIH-6784-session-timeout-update branch November 6, 2024 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

domain: backend Changes or discussions relating to the backend server flag: config change Hilights a pull request that contains a change to the app config type: feature A new piece of functionality for the app

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants