Enabling login timeout for a cookie-based session

When the login timeout feature is enabled, a logged-on cookie-based session, such as a web or mobile storefront session, that is inactive for an extended period is logged off the system, and the user is requested to log back on. If the user then logs on successfully, HCL Commerce runs the original request that was made by the user. If the user logon fails, the original request is discarded and the user remains logged off the system.

Note:
  • For HCL Commerce tools (for example, Administration Console or HCL Commerce Accelerator), login timeout does not present a login page to the user. Instead, it closes the browser window and it is up to the user to log back on to the tool. Thus, in the case of tools, the original request that the user submits is not processed.
  • When a user session times out and the user chooses to be remembered, the session turns into a partial authenticated session instead of a generic user session. When this happens, the redirect URL goes to the original URL instead of the logon page (ReLogonFormView). If the original URL does not allow partial credential authentication, the user is redirected to the logon page (RememberMeLogonFormView).
  • The login timeout feature applies only to requests that are not cached.
  • If the original request is secured (SSL) and does not contain a krypto parameter, the original request will contain the krypto parameter that is generated by the logon command after logging on again.

Procedure

  1. Define the LoginTimeoutErrorView and ReLogonFormView views for the store as described in Views for login timeout.
  2. In your developer environment, open workspace_dir\WC\xml\config\wc-server.xml for editing.
  3. Find the InstanceProperties > LoginTimeout element. Set the value of the enabled attribute to true. Set the value attribute of the Timeout element to the timeout in milliseconds. If you want to use a different timeout for tools (the Accelerator, Admin Console and OrgAdminConsole) than for the Store, add the TimeoutWebAdmin element as well.
    
    <LoginTimeout enabled="true">
        <Timeout display="false" value="1800000"/>
        <TimeoutWebAdmin display="false" value="90000"/>
    </LoginTimeout>
  4. Save and close the file.
  5. Deploy your changes and build a new Docker container for the Transaction server. See HCL Commerce configuration file (wc-server.xml).
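
A check that can be run on the edited wc-server.xml before the container build in step 5, added here as an example and not part of the HCL Commerce documentation or product: it reads InstanceProperties > LoginTimeout, reports each timeout in minutes, and flags values that look like a unit mistake. The `<config>` root, the sample fragment and the MIN_MS/MAX_MS review bounds are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from step 3 inside an assumed <config> root.
SAMPLE = """<config><InstanceProperties>
  <LoginTimeout enabled="true">
    <Timeout display="false" value="1800000"/>
    <TimeoutWebAdmin display="false" value="90000"/>
  </LoginTimeout>
</InstanceProperties></config>"""

# Assumed review bounds (not product limits); adjust to your session policy.
MIN_MS = 60_000         # below one minute usually means seconds were entered
MAX_MS = 8 * 3_600_000  # above eight hours barely limits an idle session


def audit_login_timeout(xml_text):
    """Return (timeouts_ms, findings) for InstanceProperties > LoginTimeout."""
    node = ET.fromstring(xml_text).find(".//InstanceProperties/LoginTimeout")
    if node is None:
        return {}, ["LoginTimeout element not found under InstanceProperties"]
    timeouts, findings = {}, []
    if node.get("enabled", "").strip().lower() != "true":
        findings.append("LoginTimeout enabled is not 'true': feature is off")
    for name in ("Timeout", "TimeoutWebAdmin"):
        child = node.find(name)
        if child is None:
            if name == "Timeout":  # TimeoutWebAdmin is optional
                findings.append("Timeout element is missing")
            continue
        raw = child.get("value", "")
        try:
            ms = int(raw)
        except ValueError:
            findings.append(f"{name} value {raw!r} is not a whole number of ms")
            continue
        timeouts[name] = ms
        if ms < MIN_MS:
            findings.append(f"{name}={ms} ms is under {MIN_MS} ms: check the unit")
        elif ms > MAX_MS:
            findings.append(f"{name}={ms} ms is over {MAX_MS} ms: very long idle window")
    return timeouts, findings


if __name__ == "__main__":
    timeouts, findings = audit_login_timeout(SAMPLE)
    for name, ms in timeouts.items():
        print(f"{name}: {ms} ms = {ms / 60_000:g} min")
    for finding in findings:
        print("FINDING:", finding)
```

With the values shown in step 3, the store timeout works out to 30 minutes and the tools timeout to 1.5 minutes.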

What to do next

Package your changes to the HCL Commerce configuration file for deployment.