Quark Platform Session Timeout

A Platform session is terminated by the server if no requests are invoked corresponding to it for a duration greater than Session Timeout. Session timeout value is configured via property session.maxIdle in config file ServerApp.properties . Default value of session timeout is 60 seconds.


To prevent server side termination of client’s session when user is idle, all Platform Clients including web applications (Workspace & Quark Author) periodically invoke a lightweight request of keepAlive(). In case of Quark Author, this keepAlive request is invoked in background. Interval of periodic keepAlive() request is a fraction (typically half) of configured session timeout value. Hence if session timeout threshold is 60 seconds, then a keepAlive() request is invoked every 30 seconds.

HTTP Session and Timeout

Platform web applications (Workspace and Quark Author) maintain user and document state using HTTP session. Platform session corresponding to a web user is also maintained via HTTP session. Most web servers have a mechanism of terminating HTTP sessions if no web requests are issued corresponding to the web session i.e. if there is no activity from browser. Typical value of web session timeout (in case of tomcat) is 30 minutes. Since this value is much larger than the Platform session timeout, a user’s web session is never terminated due to inactivity because keepAlive() requests are handled periodically by web server.

Based on above configuration values, a Platform session is never terminated due to user inactivity. Even in idle condition, the session will continue forever if the browser/tab is open.

The value of Platform Session idle threshold, as configured via property session.maxIdle, must be less than HTTP session timeout of web server. In case maxIdle is set to a very large value such as 2Hrs while keeping web session timeout at 30minutes, then keepAlive() requests will only be issued once per hour. This could lead to a situation where the web session may be idle for more than 30 minutes and will get terminated by web server. Any subsequent request will fail because platform session information stored in web user’s HTTP session was destroyed due to inactivity.