Setting Server Side Timeout for Session Management

Describes how to configure server side timeout to automatically log a Data Fabric user out of an inactive user session in the Data Fabric Web UI application (Control System UI, the Object Store UI or the Data Fabric UI).

IMPORTANT
The value of session-timeout in /opt/mapr/apiserver/conf/web.xml is specified in minutes, whereas the values of time-to-live-seconds and max-idle-seconds in /opt/mapr/apiserver/conf/hazelcast.xml are specified in seconds. The Data Fabric web server side timeout works only if these variables are set to the same value (the values must be equal once converted to a common unit of measurement across all the tags in the relevant XML files).
To enable the automatic logout of a user during an inactive session for session timeout management of the Control System, the Object Store UI or the Data Fabric UI, you must set the following tags to the same value.
  • Server time out value in web.xml (session-timeout tag in /opt/mapr/apiserver/conf/web.xml)
  • Server time out value in hazelcast.xml (time-to-live-seconds and max-idle-seconds tags in /opt/mapr/apiserver/conf/hazelcast.xml)
  • If SSO is enabled, the timeout value is set in the SSO service provider realm (SSO Session Idle) for the SSO user. This value should be two minutes less than the session-timeout value in web.xml. See the Keycloak Server Administration Guide for more information. Additionally, the value of the Access Token Lifespan variable on Keycloak must be less than the value of the SSO Session Idle variable on Keycloak.

NOTE
A user session becomes inactive only when the web browser tab or window running the Data Fabric UI web application is closed.

Example

For example, to initiate an auto-logout of a user after an inactive session of 5 minutes, do the following:

  1. In /opt/mapr/apiserver/conf/web.xml, set session-timeout to 5 minutes.
    <session-timeout>5</session-timeout>
  2. In /opt/mapr/apiserver/conf/hazelcast.xml, set time-to-live-seconds and max-idle-seconds to 300 seconds.
    <time-to-live-seconds>300</time-to-live-seconds>
    <max-idle-seconds>300</max-idle-seconds>
  3. If SSO is enabled, the SSO Session Idle value should be set to 3 minutes in the SSO service provider realm for the SSO user. The Access Token Lifespan could be 1 minute.

Once this is done, a user is logged out automatically from the Control System, the Object Store UI or the Data Fabric UI when the user session is inactive for the specified time.
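
Because the tags use different units, a mismatch between the files is easy to miss. The following check is an added example, not part of the product or its documentation: it parses both files and reports any value that disagrees with session-timeout, plus the SSO relationships described above. The function names, the inline XML samples (constructed, with a deliberate max-idle-seconds mismatch) and the idea of passing the two Keycloak values in by hand are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not copied from a real installation).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <session-config><session-timeout>5</session-timeout></session-config>
</web-app>"""
HAZELCAST_XML = """<hazelcast xmlns="http://www.hazelcast.com/schema/config">
  <map name="sessions">
    <time-to-live-seconds>300</time-to-live-seconds>
    <max-idle-seconds>240</max-idle-seconds>
  </map>
</hazelcast>"""

def tag_values(xml_text, tag):
    """Return every integer value of <tag>, ignoring XML namespaces."""
    root = ET.fromstring(xml_text)
    return [int(el.text.strip()) for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == tag]

def check_timeouts(web_xml, hazelcast_xml, sso_idle_min=None, token_min=None):
    """Return a list of mismatches; an empty list means the settings agree."""
    problems = []
    timeouts = tag_values(web_xml, "session-timeout")
    if len(timeouts) != 1:
        return [f"expected one session-timeout in web.xml, found {len(timeouts)}"]
    minutes = timeouts[0]
    for tag in ("time-to-live-seconds", "max-idle-seconds"):
        values = tag_values(hazelcast_xml, tag)
        if not values:
            problems.append(f"{tag} missing from hazelcast.xml")
        for seconds in values:
            if seconds != minutes * 60:  # web.xml is minutes, hazelcast.xml seconds
                problems.append(f"{tag}={seconds}s != session-timeout={minutes}min")
    if sso_idle_min is not None:  # only relevant when SSO is enabled
        if sso_idle_min != minutes - 2:
            problems.append(f"SSO Session Idle={sso_idle_min}min, expected {minutes - 2}min")
        if token_min is not None and token_min >= sso_idle_min:
            problems.append("Access Token Lifespan must be less than SSO Session Idle")
    return problems

if __name__ == "__main__":
    # Keycloak values (minutes) are entered by hand from the realm settings.
    for line in check_timeouts(WEB_XML, HAZELCAST_XML, sso_idle_min=3, token_min=1):
        print("MISMATCH:", line)
```

To check a real node, read /opt/mapr/apiserver/conf/web.xml and /opt/mapr/apiserver/conf/hazelcast.xml into strings and pass them in place of the samples.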