Session Handling Configuration Options

server.properties

com.openexchange.IPCheck

The IPCheck enforces that a request in a certain session is only accepted if it comes from the same ip address that created the session. See OXSessionSecurityFeatures. Can be true or false

com.openexchange.UIWebPath

The UIWebPath contains the location of the OX frontend. If a formlogin doesn't supply a ui web path, this one will be used instead.

com.openexchange.cookie.ttl

The time it takes for the secret and session cookies to expire. This should be the same length as com.openexchange.sessiond.sessionLongLifeTime. See also OXSessionAutologin. This value is a number followed by a unit of measurement. 1W for example meaning one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes).

com.openexchange.cookie.httpOnly

Whether or not the HttpOnly option should be added to cookies. This option asks the browser to disallow access to the cookies from javascript code running in the browser. See also OXSessionSecurityFeatures. Can be true or false.

com.openexchange.cookie.hash

Whether the cookie hash is calculated on every request, forcing the client fingerprint to be checked or whether it is remembered in the session. See also OXSessionSecurityFeatures.

com.openexchange.cookie.hash.fields

A comma-separated list of header names that should be included in the cookie hash calculation. See also OXSessionSecurityFeatures.

sessiond.properties

com.openexchange.sessiond.maxSession

The maximum number of sessions served by this OX node. After this number of sessions is created, no new sessions can be created until old ones are closed. You'll probably want to increase this as the session lifetime is increased. 0 meaning no session limit is in effect.

com.openexchange.sessiond.maxSessionPerUser

The maximum number of sessions that one use can have open simultaneously. A user can not create any more sessions if this number has been exceeded. You'll probably want to increase this as the session lifetime is increased.

com.openexchange.sessiond.sessionDefaultLifeTime

The number of milliseconds after which an inactive session is placed in hibernation. See also OXSessionLifecycle.

com.openexchange.sessiond.sessionLongLifeTime

The duration for which a session is kept in hibernation before finally closing it. This is a number and a unit, so 1W for example, means one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes). This value shouldn't be larger than com.openexchange.cookie.ttl. See also OXSessionLifecycle

com.openexchange.sessiond.autologin

Whether an autologin is enabled or not. Can be true or false. See also OXSessionAutologin.

login.properties

com.openexchange.ajax.login.errorPageTemplate

Points to a file containing a template for login error pages after a formlogin.