...
web.xml: Session timeout, secure flag on cookies
Session timeout
The default session timeout period is 30 minutes. You can change this to a different period, e.g. 12 hours (720 minutes), by doing the following:
...
```xml
<session-config>
    <session-timeout>720</session-timeout>
</session-config>
```
Secure flag on cookies
If you are going to set up an encrypted connection to PhixFlow, i.e. access via HTTPS (see Configure tomcat for HTTPS), you may also want to set the secure flag on cookies. This is a further security measure that reduces the risk of the cookies that PhixFlow creates being maliciously used to gain unauthorised access, and is a commonly used setting for web applications (https://www.owasp.org/index.php/SecureFlag). To do this, add a `<cookie-config>` block to the `<session-config>` block in the `web.xml` file, as in the example below.
...
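The following check is an added example, not part of the PhixFlow documentation: it parses a `web.xml` and reports the session timeout and whether the secure flag is set on cookies. The two sample files, the namespace and the function name `audit_session_config` are constructed for illustration; the 30-minute fallback is the default stated above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two settings described on this page, in one file.
HARDENED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <session-timeout>720</session-timeout>
    <cookie-config>
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>"""

# Constructed sample: no <session-config> at all, so defaults apply.
DEFAULTS = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
</web-app>"""

def _child(parent, name):
    """Return the first direct child called `name`, ignoring any XML namespace."""
    if parent is None:
        return None
    for el in parent:
        if el.tag.rsplit("}", 1)[-1] == name:
            return el
    return None

def audit_session_config(web_xml_text):
    """Report timeout (minutes), secure-flag state and findings for a web.xml."""
    root = ET.fromstring(web_xml_text)
    session = _child(root, "session-config")
    timeout = _child(session, "session-timeout")
    secure = _child(_child(session, "cookie-config"), "secure")
    # Fall back to the 30-minute default when no timeout is configured.
    has_value = timeout is not None and (timeout.text or "").strip()
    minutes = int(timeout.text.strip()) if has_value else 30
    secure_on = secure is not None and (secure.text or "").strip().lower() == "true"
    findings = []
    if not secure_on:
        findings.append("cookie-config/secure is not true: "
                        "session cookie can be sent over plain HTTP")
    if minutes <= 0:
        # Servlet containers treat a timeout of 0 or less as "never expire".
        findings.append("session-timeout <= 0: sessions never expire")
    return {"timeout_minutes": minutes, "secure_cookie": secure_on,
            "findings": findings}

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(label, audit_session_config(text))
```

To audit a real deployment, pass the contents of the application's own `web.xml` to `audit_session_config` in place of the constructed samples.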