I'm trying to deploy Alfresco 2.1.0 Community on an intranet. I'm using JDK 6u4, Tomcat 6.0.14, and chaining authentication with LDAP against AD. Users can login but logins expire way too soon (30 minutes? A few hours? Is it tied to the session timeout?). On an intranet it is cumbersome if users constantly have to login again and there is no need for logins to expire. How do I prevent logins from expiring? Note I'm not asking about session expiration. Sessions may expire much sooner, but there is no reason for logins to expire (see MediaWiki, phpBB) since login state is kept in cookies on the client (isn't it?), hence not burdening the server. Where is the setting in Alfresco that controls for how long logins are valid? I could set <session-timeout> in web.xml to -1 for non-expiring sessions but wouldn't that cause a lot of session state to build up on the server?
I think what I need to know is: How do I delay the expiration of the "alfUser" cookie without increasing the <session-timeout>?
Also note that NTLM auto-login is not an option in my deployment scenario.
Thanks!
