Visit my.sonatype.com for documentation on Nexus Repository version 2.
- HTTP sessions in Nexus Repository 2 are only relevant when a user is viewing the UI.
- HTTP session cookies are required to persist the session in the client browser.
- Reliably expiring the HTTP sessions is only possible in Nexus 2.7.1 and greater.
The Nexus Repository 2 UI will automatically ping the `nexus/service/local/status?perms` resource URL every 15 minutes, as long as the browser is open viewing the UI.
The 15-minute ping value is hardcoded and cannot be changed.
By default, HTTP sessions on the backend expire after 30 minutes of inactivity.
Every minute, the Nexus Repository 2 backend will delete any HTTP sessions it has cached that are older than 30 minutes.
Explicitly setting a session timeout value does not force re-authentication every n milliseconds, it will only keep the backend session alive for up to n milliseconds after the last related HTTP request.
We have an article with more details about the Nexus session cookie name.
Disabling the Automatic UI Session Ping
These steps only apply in Nexus Repository 2.7.1 and greater. Earlier versions are not supported.
-
Edit
conf/nexus.properties. Add on an empty line:nexus.ui.keepAlive=false
-
Restart Nexus Repository 2
After these changes, any new browser session will no longer ping the backend to keep the HTTP session alive. HTTP sessions will expire only after 30 minutes of inactivity.
Changing the HTTP Session Timeout Value
Disable the UI ping if you need to distinguish between idle UI sessions and actual user activity.
These steps only apply to Nexus Repository 2.7.1 and greater.
-
Edit
conf/nexus.properties. Add on an empty line:shiro.globalSessionTimeout=300000
The timeout is configured in milliseconds, so the above will give you a 5-minute timeout.
-
Restart Nexus Repository 2