Configuring cookie-based timeout

When the login timeout feature is enabled, a logged-on cookie-based session (such as a web or mobile storefront session) that is inactive for an extended period is logged off the system, and the user is asked to log back on. If the user then logs on successfully, HCL Commerce runs the original request that was made by the user. If the user logon fails, the original request is discarded and the user remains logged off from the system.

For HCL Commerce tools (HCL Commerce Accelerator, HCL Commerce Administration Console, and HCL Commerce Organization Administration Console), login timeout does not present a login page to the user. Instead, it closes the browser window and the user must log back on to the tool. Thus, in the case of tools, the original request that the user submits is not processed.

To configure cookie-based timeout:

Procedure

  1. Define the LoginTimeoutErrorView, ReLogonFormView and RememberMeLogonFormViewSpring views for the store as described in Views for login timeout.
  2. Open the HCL Commerce configuration file (wc-server.xml).
  3. Find the LoginTimeout element and configure it as required.
    • Example #1
      <LoginTimeout enabled="true">
            <Timeout display="false" value="1800000"/>
      </LoginTimeout>
    • Example #2
      <LoginTimeout enabled="true" ignoreOnErrors="ABCErrorView,DEFErrorView">
            <Timeout display="false" value="1800000"/>
            <TimeoutWebAdmin display="false" value="90000"/>
      </LoginTimeout>
    Where:
    enabled
    Specifies whether cookie-based timeout is enabled.
    Accepted values are:
    • true for enabled.
    • false for disabled.
    Timeout/value
    The number of milliseconds that the session should last when there is inactivity on the site.

    For example, 1800000 milliseconds (30 minutes).

    If a request is made between one minute and the session expiry time, then the session will be extended by this value in the WC_USERACTIVITY cookie.

    TimeoutWebAdmin/value
    The number of milliseconds that the session should last when there is inactivity on the HCL Commerce tools (Commerce Accelerator, Administration Console, and Organization Administration Console).

    If this is left unspecified, then the Timeout/value will apply to these tools.

    ignoreOnErrors
    In a Spring request flow, certain session-related error views bypass this login timeout check by default: CookieErrorView and InactiveActivityTokenErrorView.

    If you want any other views to bypass the login timeout check, specify them here as a comma-delimited list.

  4. Save and close the file.
  5. Deploy your changes and build a new Docker container for the Transaction server. See HCL Commerce configuration file (wc-server.xml).
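
The following Python check is an added example, not part of HCL Commerce or its documentation. It parses a LoginTimeout element and reports the effective inactivity timeouts in minutes (applying the fallback from TimeoutWebAdmin to Timeout/value), the full set of views that bypass the timeout check, and any findings. The function names, the `max_idle_ms` policy limit and the treatment of any `enabled` value other than "true" as disabled are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Views the page lists as bypassing the login timeout check by default.
DEFAULT_BYPASS = ["CookieErrorView", "InactiveActivityTokenErrorView"]

# Constructed sample input: Example #2 from this page.
SAMPLE = """<LoginTimeout enabled="true" ignoreOnErrors="ABCErrorView,DEFErrorView">
    <Timeout display="false" value="1800000"/>
    <TimeoutWebAdmin display="false" value="90000"/>
</LoginTimeout>"""

def _ms(elem):
    """Return the element's value attribute as integer milliseconds, or None."""
    return int(elem.get("value")) if elem is not None and elem.get("value") else None

def _minutes(ms):
    return None if ms is None else ms / 60000

def audit_login_timeout(xml_text, max_idle_ms=1_800_000):
    """Summarise a LoginTimeout element. max_idle_ms is an assumed policy limit."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "LoginTimeout" else root.find(".//LoginTimeout")
    if node is None:
        raise ValueError("no LoginTimeout element found")
    # Assumption: anything other than enabled="true" is reported as disabled.
    enabled = node.get("enabled", "").strip().lower() == "true"
    store_ms = _ms(node.find("Timeout"))
    tools_ms = _ms(node.find("TimeoutWebAdmin"))
    if tools_ms is None:  # unspecified, so Timeout/value applies to the tools
        tools_ms = store_ms
    extra = [v.strip() for v in node.get("ignoreOnErrors", "").split(",") if v.strip()]
    findings = []
    if not enabled:
        findings.append("login timeout is disabled")
    for label, ms in (("Timeout", store_ms), ("TimeoutWebAdmin", tools_ms)):
        if ms is None:
            findings.append(f"{label} has no value")
        elif ms > max_idle_ms:
            findings.append(f"{label} {ms} ms exceeds policy limit {max_idle_ms} ms")
    if extra:
        findings.append("extra views bypass the timeout check: " + ", ".join(extra))
    return {"enabled": enabled, "store_minutes": _minutes(store_ms),
            "tools_minutes": _minutes(tools_ms),
            "bypass_views": DEFAULT_BYPASS + extra, "findings": findings}

if __name__ == "__main__":
    print(audit_login_timeout(SAMPLE))
```

For Example #2 the tools timeout of 90000 milliseconds comes out as 1.5 minutes, which is the kind of unit slip this check makes visible before deployment.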

Results

Cookies are configured for session timeout for users of your site.

What to do next

Package your changes to the HCL Commerce configuration file for deployment.