The IPCheck enforces that a request in a certain session is only accepted if it comes from the same ip address that created the session. See OXSessionSecurityFeatures. Can be true or false
The UIWebPath contains the location of the OX frontend. If a formlogin doesn't supply a ui web path, this one will be used instead.
The time it takes for the secret and session cookies to expire. This should be the same length as com.openexchange.sessiond.sessionLongLifeTime. See also OXSessionAutologin. This value is a number followed by a unit of measurement. 1W for example meaning one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes).
Whether the cookie hash is calculated on every request, forcing the client fingerprint to be checked or whether it is remembered in the session. See also OXSessionSecurityFeatures.
A comma-separated list of header names that should be included in the cookie hash calculation. See also OXSessionSecurityFeatures.
The maximum number of sessions served by this OX node. After this number of sessions is created, no new sessions can be created until old ones are closed. You'll probably want to increase this as the session lifetime is increased. 0 meaning no session limit is in effect.
The maximum number of sessions that one use can have open simultaneously. A user can not create any more sessions if this number has been exceeded. You'll probably want to increase this as the session lifetime is increased.
The number of milliseconds after which an inactive session is placed in hibernation. See also OXSessionLifecycle.
The duration for which a session is kept in hibernation before finally closing it. This is a number and a unit, so 1W for example, means one week. The units are: D(=days) W(=weeks) H(=hours) M(=minutes). This value shouldn't be larger than com.openexchange.cookie.ttl. See also OXSessionLifecycle
Whether an autologin is enabled or not. Can be true or false. See also OXSessionAutologin.
Points to a file containing a template for login error pages after a formlogin.