LTPA Token expiration and session timeout

[zl]

Does anyone know the logical way of setting the LTPA token expiration time
and session timeout?

If we set LTPA expiration longer than session timeout. When session
expires, LTPA token is still valid, so user is not required to login again.

If we set LTPA expiration shorter than session, the user is required to
re-login after the LTPA expiration time even there is session activity.

I am using WebSphere AE 4.0.4 and LDAP server for authentication (SSO).

Thanks.

[Vijay Subramanium]

We had a requirement to implement a 2 hours inactivity timeout. So we have
set the session timeout to 2 hours for all our web applications and LTPA
expiration to 10 hours. We decided to manually logout the user if a request
is received from a user who is inactive for more than 2 hours.

Vijay

"zl" <z...@nospam.org> wrote in message
news:b8soi0$2mjs$1...@news.boulder.ibm.com...

[ZL]

Thanks for the reply.

When you said manually logout, how? Using Javascripts or something else on
the server?

"Vijay Subramanium" <Subr...@strsoh.org> wrote in message
news:b98agt$3tp6$1...@news.boulder.ibm.com...

[Vijay Subramanium]

We have logic on the controller to check if the user is requesting for a
resource after the allowed inactivity time. Based on this check we use the
ServerSideAuthenticator to logout the user.

Vijay
"ZL" <z...@nospam.org> wrote in message
news:b98ejm$3nmc$1...@news.boulder.ibm.com...

[ZL]

I only know how to use ServerSideAuthenticator to do login. Can you point
me out where to find documentation to do logout? Thanks.
(I am using WAS AE 4.0.5)

"Vijay Subramanium" <Subr...@strsoh.org> wrote in message

news:b98hrm$3nl0$1...@news.boulder.ibm.com...