000020426 - Would like Access Manager/ClearTrust to retain session information if the application times out if a user takes too long filling out a form.

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017

Article Content

Article Number: 000020426

Applies To: ClearTrust 4.6 Web Agent, Access Manager Web Agent

Issue: Would like Access Manager/ClearTrust to retain session information if the application times out if a user takes too long filling out a form.
When a user attempts to complete a form and submits it after the idle timeout specified in webagent.conf (cleartrust.agent.idle_timeout, defaulting to 15 minutes), the user is redirected to the login page and all session information is lost.

Cause: The Access Manager/ClearTrust agent does not retain any session-specific information in the cookie, except for the user ID of the AXM/CT user encoded in the token stored in the cookie. As well, the AXM/CT servers do no session tracking.

Resolution: For the ClearTrust 4.6 agent, hotfix 4.6.0.41 addressed this problem by allowing a user to configure two new webagent.conf parameters: cleartrust.agent.post_url_idle_timeout and cleartrust.agent.post_url_idle_timeout_list. The former specifies a timeout value that applies specifically to protected URLs of pages where the user might be expected to remain "idle" (no requests to the web server) for a period of time that greatly exceeds the normal idle timeout. The latter specifies the URLs to which the former parameter's value applies.

Legacy Article ID: a34363
