|Applies To||ClearTrust 4.6 Web Agent|
Access Manager Web Agent
|Issue||Would like Access Manager/ClearTrust to retain session information if the application times out if a user takes too long filling out a form.|
When a user attempts to complete a form and submits it after the idle timeout specified in webagent.conf (cleartrust.agent.idle_timeout, defaulting to 15 minutes), the user is redirected to the login page and all session information is lost.
|Cause||Access Manager/ClearTrust agent does not retain any session-specific information in the cookie, except for the user ID of the AXM/CT user encoded in the token stored in the cookie. As well, the AXM/CT servers do no session tracking.|
|Resolution||For the ClearTrust 4.6 agent, hotfix 18.104.22.168 was issued that addressed this problem by allowing a user to configured two new webagent.conf parameters cleartrust.agent.post_url_idle_timeout and cleartrust.agent.post_url_idle_timeout_list. The former is used to specify a timeout value that applies specifically to protected URLs of pages where the user might be expected to remain "idle" (no requests to the webserver) for a period of time that greatly exceeds the normal idle timeout. The latter parameter is used to specify the specific URLs to which the former parameter's value applies.|
|Legacy Article ID||a34363|