Some users have complained that they are being logged out of Zanata after a very short ammount of inactivity.
Increasing the session timeout period would solve this problem.
Per components.xml we have:
but I didn't find any evidence this was being used. If it isn't, then the default session timeout for Jboss is 30 mins.
Another option might be for us to call HttpSession.setMaxInactiveInterval programmatically, perhaps using the authenticatedSessionTimeoutMinutes value from ApplicationConfiguration. Similar to this: https://github.com/stefanotravelli/seam-2.2/blob/master/examples/wiki/src/main/org/jboss/seam/wiki/core/action/UserLogin.java#L52 That example Seam project seems to be set up in a very similar way, with authenticatedSessionTimeoutMinutes configured by components.xml. But in Zanata, it seems like we missed the bit of code which uses the configured timeout value.
However, note that increasing the timeout too much could increase our memory requirements drastically, especially if we put a lot of data into the session. (I suspect that includes Seam's session and conversation contexts.)
The good news is that increasing the timeout for authenticated sessions is not as bad as increasing the timeout for all sessions.
I think we should just add cookies and be done with it.
Do you mean persistent cookies? I believe session cookies are already in use as part of the normal Session mechanism.
This still doesn't solve the problem that Sean talks about, which is that we need to differentiate between non-authenticated and authenticated sessions.
I marked this as verified for workflow purposes.