Before changing the session timeout, it's important to recongize the different web sessions that have a timeout.

• Timeout for apps deployed to WebSphere
• Timeout for the WebSphere admin console

Timeout for apps

You may want to first read about the difference between a session and a cookie.

There are two session management levels. You can set the session management settings at the application server level, or at the application level. The settings at the application level will take precedence over the settings at the application server level.

Application:

1. In the WebSphere admin console, expand Application > Application Types, and select Websphere enterprise applications.
2. Select an application.
3. Select Session management.

Application server:

1. In the WebSphere admin console, expand Server > Server Types, and select Websphere applications servers.
2. Select an application server.
3. Select Session management.

By default, sessions will be destroyed after 30 minutes. If you change the timeout, restart the application or restart the JVM for this change to take effect.

For demonstration purposes, the screen shot below shows a Java app displaying the session ID number.

Then, after 30 minutes, the app has a new session ID number, since the prior session timed out after 30 minutes.

Timeout for the WebSphere admin console

The WebSphere admin console is produced by the isclite.ear application. The isclite.ear application is located at was_install_root/profiles/your_profile/config/cells/applications/isclite.ear. In the isclite.ear application is a file called deployment.xml. The deployment.xml file is located at /isclite.ear/deployments/isclite/deployment.xml. In the deployment.xml file is a key labeled invalidationTimeout.  By default, the invalidationTimeout key has a value of 30 (minutes). You will change this value to some other integer to change the timeout period. After changing the value, you will need to restart the dmgr for this change to take effect.

invalidationTimeout="30"