Skip to content

Increase session timeout for logged-in users

At the moment a logged-in user runs into a Your Session has Expired after a very short time which means annoying re-log-ins when it takes a bit longer to look up information during a submission process

Notes

We identified two possible sources for the timeout:

  • Shibboleth session: set to 1h
  • User (tomcat) sessions: set (per default) to <session-timeout>30</session-timeout> and none of these seem to be misconfigured.

Communication on the CLARIN/#dspace slack channel suggested that dspace invalidates the user session when detecting a changed IP address. And indeed, that's what we are getting:

# grep -c ip_mismatch /opt/lindat-dspace/installation/log/dspace.log.2018-07-30 
17
...
2018-08-10 10:44:18,676 WARN  org.dspace.app.xmlui.utils.AuthenticationUtil
@ anonymous:session_id=9BE373623807B448399B2D13383E85AE:ip_mismatch:id=1, 
request ip=10.12.105.0, session ip=10.12.89.0

Consequently, setting xmlui.session.ipcheck = false in dspace.cfg solves the problem.

Edited by egon w. stemle
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information