Session timeout value has no effect on OC 15 and OC 16 and workaround #6260
Open
Description
The Opencast configuration etc/org.ops4j.pax.web.cfg has an option to define the user session timeout value (opencast/etc/org.ops4j.pax.web.cfg, lines 54 to 55 in 4bd7a76).
Setting this value has no effect on Opencast 15 and 16. The root cause is two bugs in the underlying framework pax-web. The issues are documented and already fixed in newer versions, but the fixes still have to find their way back to Opencast.
- [8.0.x] configuration:org.ops4j.pax.web.session.timeout did not take effect ops4j/org.ops4j.pax.web#1912
  - The value of org.ops4j.pax.web.session.timeout will be overwritten by the default value of 30 minutes - fixed in pax-web 8.0.25, is part of Karaf 4.4.6 -> available in Opencast 16
- [8.0.x] Pax Web Jetty doesn't multiply session timeout by 60 in all required places. ops4j/org.ops4j.pax.web#1952
  - The value of org.ops4j.pax.web.session.timeout is interpreted as seconds and not minutes as it should be - fixed in pax-web 8.0.28, not available in latest Karaf release, probably is part of Karaf 4.4.7
How to reproduce
- Edit /etc/opencast/org.ops4j.pax.web.cfg and set org.ops4j.pax.web.session.timeout=1 (1 minute session timeout).
- Restart Opencast
- Login to Opencast by unchecking the remember-me checkbox!
- Wait a bit longer than 1 minute.
- Your session should be invalid and you should be redirected to the login page.
But this is not the case. There are workarounds available.
Opencast 15 workaround
Run these commands and restart Opencast (updated)
sudo sed -i 's/8.0.22/8.0.29/g' /usr/share/opencast/system/org/apache/karaf/features/standard/4.4.4/standard-4.4.4-features.xml
sudo sed -i 's/8.0.22/8.0.29/g' /etc/opencast/org.apache.karaf.features.cfg
Opencast 16 workaround
Set the value of org.ops4j.pax.web.session.timeout in seconds in /etc/opencast/org.ops4j.pax.web.cfg.
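As an added example (not part of the original issue or of Opencast), the following shell functions model the two bugs described above to estimate which idle timeout a given pax-web version applies to a configured value. The function names and the sample file are hypothetical, and the version thresholds are the fix versions named in this issue; nothing is measured against a running server.

```shell
#!/bin/sh
# Added example: models the two pax-web bugs exactly as this issue describes them.
# It does not query a running Opencast; function names are hypothetical.

# Print the configured timeout (last uncommented assignment wins, empty if unset).
configured_timeout() {
    sed -n 's/^[[:space:]]*org\.ops4j\.pax\.web\.session\.timeout[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed when dotted version $1 is greater than or equal to $2.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Print the idle timeout in seconds that pax-web version $2 applies to cfg file $1.
effective_timeout_seconds() {
    value=$(configured_timeout "$1")
    if [ -z "$value" ] || ! version_ge "$2" 8.0.25; then
        echo 1800                # unset, or #1912: replaced by the 30 minute default
    elif ! version_ge "$2" 8.0.28; then
        echo "$value"            # #1952: number is taken as seconds
    else
        echo $((value * 60))     # both fixes present: number is minutes
    fi
}

# Constructed sample config (not a real deployment file).
sample=$(mktemp)
printf '%s\n' '# org.ops4j.pax.web.session.timeout = 30' \
    'org.ops4j.pax.web.session.timeout = 1' > "$sample"
for v in 8.0.22 8.0.25 8.0.29; do
    echo "pax-web $v: $(effective_timeout_seconds "$sample" "$v") s"
done
rm -f "$sample"
```

Comparing the printed value with the intended idle timeout shows whether a deployment keeps sessions alive longer or shorter than its policy expects after a pax-web or Karaf upgrade.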