legacy-knowledge-base
公開されました Jul. 2, 2025

Liferay でのセッション管理

written-by

Sivakumar Perumal

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

legacy-article

learn-legacy-article-disclaimer-text

問題

  • セッションが Liferay でどのように管理されているか、および同じように構成するすべての異なるタイプは何ですか。 また、Liferay セッションが javascript が無効になっているブラウザで機能するかどうかを教えてください。

Environment

  • Liferay DXP 7.1

解決策

  1. Liferay でセッションを管理する方法

    アプリケーション サーバーはセッションの有効期限を管理します JSESSIONID Cookie は、ブラウザーとサーバー間のセッションを識別するのに役立ちます。Cookie が有効になっていない場合、;jsessionid= の部分が URL に追加され、セッション ID がそこで処理されます。 デフォルトでは、セッション タイムアウトは 15 分です

  2. Liferay でセッションを構成するためのさまざまなタイプ

    これらは、 portal-ext.propertiesで構成できる設定です。

    ##
    ## Session
    ##
    #
    # Set the maximum number of key value pairs that can be stored in the
    # session via SessionClicks. See LPS-20096 for more information.
    #
    # Env: LIFERAY_SESSION_PERIOD_CLICKS_PERIOD_MAX_PERIOD_ALLOWED_PERIOD_VALUES
    #
    session.clicks.max.allowed.values=1024

    #
    # Set the maximum size of key and value terms that can be stored in the
    # session via SessionClicks. See LPS-20096 for more information.
    #
    # Env: LIFERAY_SESSION_PERIOD_CLICKS_PERIOD_MAX_PERIOD_SIZE_PERIOD_TERMS
    #
    session.clicks.max.size.terms=1024

    #
    # Specify the delimiter for parsing compound session IDs.
    #
    # This addresses an issue with Weblogic and all application servers where
    # the application server appends a unique JVM code to the session ID. See
    # LPS-18587.
    #
    # Set a blank delimiter for the portal to attempt to detect a delimiter
    # based on the application server.
    #
    # Env: LIFERAY_SESSION_PERIOD_ID_PERIOD_DELIMITER
    # Env: LIFERAY_SESSION_PERIOD_ID_PERIOD_WEBLOGIC_PERIOD_DELIMITER
    #
    session.id.delimiter=
    session.id.weblogic.delimiter=!

    #
    # Specify the maximum number of sessions allowed. A value of 0 or less than
    # 0 means there is no limit. A value greater than 0 limits the number of
    # sessions by invalidating newer sessions.
    #
    # This property is not used unless the session max allowed filter is
    # enabled.
    #
    # Env: LIFERAY_SESSION_PERIOD_MAX_PERIOD_ALLOWED
    #
    session.max.allowed=0

    #
    # Specify the number of minutes before a session expires. This value is
    # always overridden by the value set in web.xml.
    #
    # Env: LIFERAY_SESSION_PERIOD_TIMEOUT
    #
    session.timeout=15

    #
    # Specify the number of minutes before a warning is sent to the user
    # informing the user of the session expiration. Specify 0 to disable any
    # warnings.
    #
    # Env: LIFERAY_SESSION_PERIOD_TIMEOUT_PERIOD_WARNING
    #
    session.timeout.warning=1

    #
    # Set the auto-extend mode to true to avoid having to ask the user whether
    # to extend the session or not. Instead, it will be automatically extended.
    # The purpose of this mode is to keep the session open as long as the user's
    # browser is open with a portal page loaded. It is recommended to use this
    # setting along with a smaller "session.timeout", such as 5 minutes, for
    # better performance.
    #
    # Env: LIFERAY_SESSION_PERIOD_TIMEOUT_PERIOD_AUTO_PERIOD_EXTEND
    #
    session.timeout.auto.extend=false

    #
    # When the property "session.timeout.auto.extend" is set to true, set the
    # number of seconds between when the extend process is launched and the
    # actual expiration of the session.
    #
    # Env: LIFERAY_SESSION_PERIOD_TIMEOUT_PERIOD_AUTO_PERIOD_EXTEND_PERIOD_OFFSET
    #
    session.timeout.auto.extend.offset=10

    #
    # Set this to true if the user is redirected to the default page when the
    # session expires.
    #
    # Env: LIFERAY_SESSION_PERIOD_TIMEOUT_PERIOD_REDIRECT_PERIOD_ON_PERIOD_EXPIRE
    #
    session.timeout.redirect.on.expire=false

    #
    # Portlets that have been configured to use private session attributes in
    # liferay-portlet.xml may still want to share some session attributes. This
    # property allows you to configure which session attributes will be shared.
    # Set a comma delimited list of attribute names that will be shared when the
    # attribute name starts with one of the specified attribute names. For
    # example, if you set the value to "hello_,world_", then all attribute names
    # that start with "hello_" or "world_" will be shared.
    #
    # Note that this property is used to specify the sharing of session
    # attributes from the portal to the portlet. This is not used to specify
    # session sharing between portlet WARs or from the portlet to the portal.
    #
    # Env: LIFERAY_SESSION_PERIOD_SHARED_PERIOD_ATTRIBUTES
    #
    session.shared.attributes=\
    COMPANY_,\
    LIFERAY_SHARED_,\
    PORTLET_RENDER_PARAMETERS_,\
    PUBLIC_RENDER_PARAMETERS_POOL_,\
    USER_
    #
    # Explicitly exclude attributes that are shared from the portal to portlets.
    #
    # Env: LIFERAY_SESSION_PERIOD_SHARED_PERIOD_ATTRIBUTES_PERIOD_EXCLUDES
    #
    session.shared.attributes.excludes=USER_PASSWORD

    #
    # Set this to true to store the user's password in the session.
    #
    # Env: LIFERAY_SESSION_PERIOD_STORE_PERIOD_PASSWORD
    #
    session.store.password=false

    #
    # Set this to false to disable all persistent cookies. Features like
    # automatically logging in will not work.
    #
    # Env: LIFERAY_SESSION_PERIOD_ENABLE_PERIOD_PERSISTENT_PERIOD_COOKIES
    #
    session.enable.persistent.cookies=true

    #
    # Set this to true to enable sessions when cookies are disabled. See
    # LEP-4787. This behavior is configurable because enabling it can break
    # certain setups.
    #
    # Env: LIFERAY_SESSION_PERIOD_ENABLE_PERIOD_URL_PERIOD_WITH_PERIOD_SESSION_PERIOD_ID
    #
    session.enable.url.with.session.id=false

    #
    # The login process sets several cookies if persistent cookies are enabled.
    # Set this property to set the domain of those cookies.
    #
    # Env: LIFERAY_SESSION_PERIOD_COOKIE_PERIOD_DOMAIN
    #
    #session.cookie.domain=

    #
    # Set this to true to use the full hostname for cookie domain values. By
    # default the domain is trimmed to use only the root domain to allow cross
    # domain logins.
    #
    # Env: LIFERAY_SESSION_PERIOD_COOKIE_PERIOD_USE_PERIOD_FULL_PERIOD_HOSTNAME
    # Env: LIFERAY_SESSION_PERIOD_COOKIE_PERIOD_USE_PERIOD_FULL_PERIOD_HOSTNAME_OPENBRACKET_TOMCAT_CLOSEBRACKET_
    #
    session.cookie.use.full.hostname=false
    session.cookie.use.full.hostname[tomcat]=true

    #
    # Set this to true to invalidate the session when a user logs into the
    # portal. This helps prevent phishing. Set this to false if you need the
    # guest user and the authenticated user to have the same session.
    #
    # Set this to false if the property "company.security.auth.requires.https"
    # is set to true and you want to maintain the same credentials across HTTP
    # and HTTPS sessions.
    #
    # Env: LIFERAY_SESSION_PERIOD_ENABLE_PERIOD_PHISHING_PERIOD_PROTECTION
    #
    session.enable.phishing.protection=true

    #
    # Set a comma delimited list of attribute names that will be copied to the
    # new session when the property "session.enable.phishing.protection" is set
    # to true.
    #
    # Env: LIFERAY_SESSION_PERIOD_PHISHING_PERIOD_PROTECTED_PERIOD_ATTRIBUTES
    #
    session.phishing.protected.attributes=\
    CAS_LOGIN,\
    HTTPS_INITIAL,\
    LAST_PATH,\
    OPEN_ID_CONNECT_SESSION,\
    SAML_SP_SESSION_KEY,\
    SAML_SSO_REQUEST_CONTEXT,\
    SETUP_WIZARD_PASSWORD_UPDATED
    #
    # Set this to true to test whether users have cookie support before allowing
    # them to sign in.
    #
    # Env: LIFERAY_SESSION_PERIOD_TEST_PERIOD_COOKIE_PERIOD_SUPPORT
    #
    session.test.cookie.support=true

    #
    # Set this to true to allow
    # com.liferay.portal.kernel.servlet.SerializableSessionAttributeListener to
    # test if an added session variable is serializable. Unserializable values
    # stored into the session will cause a session to not replicate if session
    # replication was enabled by the application server.
    #
    # Env: LIFERAY_SESSION_PERIOD_VERIFY_PERIOD_SERIALIZABLE_PERIOD_ATTRIBUTE
    #
    session.verify.serializable.attribute=true

    #
    # Input a list of comma delimited class names that extend
    # com.liferay.portal.struts.SessionAction. These classes will run at the
    # specified event.
    #

    #
    # Servlet Session Create Event
    #
    # Env: LIFERAY_SERVLET_PERIOD_SESSION_PERIOD_CREATE_PERIOD_EVENTS
    #
    servlet.session.create.events=com.liferay.portal.events.SessionCreateAction

    #
    # Servlet Session Destroy Event
    #
    # Env: LIFERAY_SERVLET_PERIOD_SESSION_PERIOD_DESTROY_PERIOD_EVENTS
    #
    servlet.session.destroy.events=\
    com.liferay.portal.events.SessionDestroyAction,\
    com.liferay.portal.events.ChannelSessionDestroyAction

    #
    # Set this to true to track user clicks in memory for the duration of a
    # user's session. Setting this to true allows you to view all live sessions
    # in the Admin portlet.
    #
    # This property is deprecated and will be removed in a future release.
    #
    # Env: LIFERAY_SESSION_PERIOD_TRACKER_PERIOD_MEMORY_PERIOD_ENABLED
    #
    session.tracker.memory.enabled=true

    #
    # Set this to true to track user clicks in the database after a user's
    # session is invalidated. Setting this to true allows you to generate usage
    # reports from the database. Use this cautiously because this will store a
    # lot of usage data.
    #
    # This property is deprecated and will be removed in a future release.
    #
    # Env: LIFERAY_SESSION_PERIOD_TRACKER_PERIOD_PERSISTENCE_PERIOD_ENABLED
    #
    session.tracker.persistence.enabled=false

    #
    # Set this to true to convert the tracked paths to friendly URLs.
    #
    # This property is deprecated and will be removed in a future release.
    #
    # Env: LIFERAY_SESSION_PERIOD_TRACKER_PERIOD_FRIENDLY_PERIOD_PATHS_PERIOD_ENABLED
    #
    session.tracker.friendly.paths.enabled=false

    #
    # Enter a list of comma delimited paths that should not be tracked.
    #
    # This property is deprecated and will be removed in a future release.
    #
    # Env: LIFERAY_SESSION_PERIOD_TRACKER_PERIOD_IGNORE_PERIOD_PATHS
    #
    session.tracker.ignore.paths=\
    /portal/render_portlet,\
    \
    /document_library/get_file
    セッション拡張には javascript が必要なため、Javascript なしでは機能しないことに注意してください

  3. Javascript が無効なブラウザで Liferay セッションが機能するかどうか

    はい、いくつかの制限はありますが、ほとんどの制限は UI に関連しています。 セッション処理の場合、セッション拡張機能のみがブラウザー側の JavaScript によって処理されます。

追加情報

did-this-article-resolve-your-issue

legacy-knowledge-base