Our authors are concerned that they can start editing a document, walk away, and continue editing later without an indication they have timed out of their authoring session.
This appears to be browser dependent (happening more in Chrome than in Firefox - which at least shows a 500/Server error). Are there settings that we can configure to improve the experience? If there are developer changes that need to be made, is there any documentation to point our developers in the right direction to improve the authoring timeout experience?
Perhaps you can try to either set the CMS application’s pinger [1] timeout to the same value of the SSO timeout, or disable it, just sticking with servlet container’s session timeout.
Per the documentation, the default pinger is every 20seconds. However, the pinger doesn’t appear to validate our SSO implementation - and authors only discover they are logged out when saves don’t work/don’t respond. This is browser dependend (FireFox appears to show a 500 error on its own, but Chrome shows no indication until you refresh the page & get a logged out status.)
Per the documentation, the default pinger is every 20seconds. However, the pinger doesn’t appear to validate our SSO implementation - and authors only discover they are logged out when saves don’t work/don’t respond.
The pinger just makes a request once every N seconds (the interval configuration) in order to keep the valid web session. So, it’s unrelated to the underlying SSO integrated in the server, IIUC.
Suppose your SSO server invalidates a session after 30 mins’ inactivity or no-validating request. If you set the cms webapp’s session timeout in web.xml to 30 mins and disable the pinger or set the interval to a value smaller than 30mins, I can imagine that cms webapp would be able to redirect the user to the login page more promptly.