Nexus HTTP Session Management

Nexus HTTP Session Facts

HTTP sessions in Nexus are only relevant when a user is viewing the Nexus UI.

HTTP session cookies are required to persist the session in the client browser.

Reliably expiring the HTTP sessions is only possible in Nexus 2.7.1 and greater.

The Nexus UI will automatically ping the `nexus/service/local/status?perms` resource URL every 15 minutes, as long as the browser is open viewing the Nexus UI.

The 15 minute ping value is hardcoded and cannot be changed.

By default, HTTP sessions on the backend expire after 30 minutes of inactivity.

Every minute, the Nexus backend will delete any HTTP sessions it has cached that are older than 30 minutes.

Explicitly setting a session timeout value does not force re-authentication every n milliseconds, it will only keep the backend session alive for up to n milliseconds after the last related HTTP request.

We have an article with more details about the Nexus session cookie name.

Disabling the Automatic UI Session Ping

These steps only apply in Nexus 2.7.1 and greater. Earlier versions are not supported.

  1. Edit conf/nexus.properties. Add on an empty line:

    nexus.ui.keepAlive=false
    
  2. Restart Nexus

After these changes, any new browser session will no longer ping the backend to keep the HTTP session alive. HTTP sessions will expire only after 30 minutes of inactivity.

Changing the HTTP Session Timeout Value

Disable the UI ping if you need to distinguish between idle UI sessions and actual user activity.

These steps only apply to Nexus 2.7.1 and greater.

  1. Edit conf/nexus.properties. Add on an empty line:

    shiro.globalSessionTimeout=300000

    The timeout is configured in milliseconds, so the above will give you a 5 minute timeout.

  2. Restart Nexus

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk