Tips on Dealing with the Session Time Out Popup


During performance tuning engagements, the A-Team frequently recommends that the HTTP session timeout value for WebCenter custom portal applications be set to a lower value (for example:10 minutes) than the out-of-the-box value of 45 minutes.  The lower number helps the server stay performant, particularly during significant load.  The longer the session time, the longer the server will have to hold memory until the inactive session(s) expires.  Configuring the session timeout value is simple and can be done through the web.xml file:


Once this value is set, a warning popup will appear, with a default value of two seconds, before the session is set to expire.  After the warning has expired, the final page-expire message appears.


Having these messages appear is usually justified in many custom portal deployments.  However, in the majority of custom portals, a session is equivalent to being logged in.  So in the instance of a public user, the appearance of these messages may not be an expected behavior.  The good news is that there is an easy configuration to disable these messages and keep them from appearing.

Main Article

The following configuration settings in the web.xml do all of the work:



The STATE_SAVING_METHOD value is set to client, and the value correlates to the value needed for a page’s af:document tag.  This tag, has the stateSaving property set to default, which means it gets the value from the init-context-param.  Notice that the WARNING_BEFORE_TIMEOUT value has been set to 0.  Out-of-the-box, the default value is 120 seconds.

Any value less than the default will disable the popup.

The unfortunate news is that this configuration only keeps the popup message from appearing.  Any subsequent page action, partial-page event, or navigation through an af:commandLink will produce the un-handled, ViewExpiredException (ADF_FACES-60098) in the Faces, RESTORE_VIEW, lifecycle:


The issue is also detailed in the log message:

javax.faces.application.ViewExpiredException: viewId:/programs – ADF_FACES-30108:The view state of the page has expired because of inactivity.  Reload the page.
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._restoreView(
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(
at javax.faces.webapp.FacesServlet.service(
at weblogic.servlet.internal.StubSecurityHelper$
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(
at weblogic.servlet.internal.ServletStubImpl.execute(
at weblogic.servlet.internal.TailFilter.doFilter(

For a WebCenter custom portal application the use of goLinks that use the navigation model based prettyURL as the destination is preferred.  goLinks will not have this particular issue, since the framework will handle creating a new state.

One way of handling this would be to extend the portal application to support a custom exception handler.  In this blog post, I would like to introduce an alternative approach.

The solution would use a servlet filter to handle the exception and then enable the application to control the recovery destination.  For example, one scenario is to be able to either return to the page that I was previously on, or navigate to the page that I have chosen through one of the (navigation model) page links.  Since this solution is based on custom code, there could be also support for other use cases.  Here is the code, which supports the scenario that I have mentioned:

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SessionExpiryFilter implements Filter {
    private FilterConfig _filterConfig = null;

    public SessionExpiryFilter() {

    public void init(FilterConfig filterConfig) throws ServletException {
        _filterConfig = filterConfig;

    public void doFilter(ServletRequest servletRequest,
                         ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException,
                                                         ServletException {
        String requestedSession =
        String currentWebSession =
        String requestURI =
        boolean sessionOk =
        System.out.println("currentWebSession == requestedSession? : " + sessionOk);
        if (!sessionOk && requestedSession != null) {
            System.out.println("redirecting to : " + requestURI);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
            System.out.println("session is OK");

    public void destroy() {
        _filterConfig = null;

Basically, the code compares the value of the session IDs.  If the IDs do not match, then a redirect executes to the page that is determined by the getRequestURI().  Otherwise, the normal handling of the request is done.  The following is how the servlet filter is registered with the application through the web.xml file:

   <servlet-name>Faces Servlet</servlet-name>

Both the popup and inactive session error messages can be easily managed.  However, since WebCenter (really ADF) is a stateful application framework, once the session has been timed out (invalidated), the state of the application is lost as well.  This means any managed beans, ADF bindings, .etc would reset to the initial state.  In addition, any information that was being persisted in a managed bean would also be lost.


  1. Hi Martin,

    Implemented above solution to handle the application session timeout for 20 mins. After 20 mins, the session is getting cleared but we are getting below mentioned exception in server logs.
    Can you please help.

    [2017-07-07T12:52:15.191+01:00] [WC_CustomPortal1] [WARNING] [WCS-40025] [oracle.portlet.client.adapter.base.BasePortletContainerSessio
    nListener] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [ecid: 3fa2bb12b7707ed8:21c9f08f:15d1c
    c3f543:-8000-0000000000000220,0] [APP: OperationsPortal] Muffling exception in method sessionDestroyed, context = Session ID: XCYc0RP5m
    java.lang.RuntimeException: java.lang.NoSuchMethodException: oracle.adfinternal.view.faces.portlet.FacesPortletContainerExternalContext
    .(oracle.portlet.client.containerimpl.PortletContainerExternalConfig, oracle.portlet.client.containerimpl.PortletCustomisationCon
    text, java.util.Locale, javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
    at oracle.portlet.client.adapter.adf.ADFAdapter$Context.createExternalContext(
    at oracle.portlet.client.adapter.adf.ADFAdapter$Context.createPortletContainer(
    at oracle.portlet.client.adapter.adf.ADFAdapter$Context.(
    at oracle.portlet.client.adapter.adf.ADFAdapter.createContext(
    at oracle.portlet.client.adapter.adf.ADFAdapter.getContext(
    at oracle.portlet.client.adapter.adf.ADFAdapter.init(
    at oracle.portlet.client.adapter.adf.ADFPortletSessionListener.getPortletContainer(
    at oracle.portlet.client.adapter.base.BasePortletContainerSessionListener.sessionDestroyed(BasePortletContainerSessionListener.
    at weblogic.servlet.internal.EventsManager.notifySessionLifetimeEvent(
    at weblogic.servlet.internal.EventsManager.notifySessionLifetimeEvent(
    at weblogic.servlet.internal.session.SessionData.remove(
    at weblogic.servlet.internal.session.ReplicatedSessionData.remove(
    at weblogic.servlet.internal.session.ReplicatedSessionContext.invalidateSession(
    at weblogic.servlet.internal.session.SessionContext$
    at weblogic.servlet.internal.session.SessionContext.invalidateSession(
    at weblogic.servlet.internal.session.SessionContext.access$400(
    at weblogic.servlet.internal.session.SessionContext$SessionInvalidator.cleanupExpiredSessions(
    at weblogic.servlet.internal.session.SessionContext$SessionInvalidator$
    at weblogic.servlet.internal.session.SessionContext$SessionInvalidator.timerExpired(
    Caused by: java.lang.NoSuchMethodException: oracle.adfinternal.view.faces.portlet.FacesPortletContainerExternalContext.(oracle.po
    rtlet.client.containerimpl.PortletContainerExternalConfig, oracle.portlet.client.containerimpl.PortletCustomisationContext, java.util.L
    ocale, javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
    at java.lang.Class.getConstructor0(
    at java.lang.Class.getConstructor(
    at oracle.portlet.client.adapter.adf.ADFAdapter$Context.createExternalContext(
    … 26 more

  2. Deep Saurabh says:

    The above trick will not work in Jdev12 and onwards,

    If you have security in place first try login page approach as mentioned in :

    If your application do not have unbounded taskflow (i.e. all page except login are in bounded taskflow) you can define welcome page.

    If neither of above two is working , override NewSessionURLProvider service/provider.
    ( )
    In the web lib’s META-INF/services folder you should have file:
    (for quick test run from jdev create META-INF/services under your ViewController/public_html/WEB-INF/classes/)

    Which should contain FQCN of your custom overridden AdfcNewSessionURLProvider class.

  3. Hi,

    If I was to remove the parameter from web.xml file? Would my Portal application still timeout at 45 minutes? Since that’s the out of the box value?

    I am on the following version of WebCenter:


    • Hi Derrick, sorry for the late reply. If I recall for WebCenter portal applications (not Spaces), if there is no explicit session time out value specified in the web.xml, then the app will default to the WebLogic timeout value. This value (in the WebLogic documentation) defaults to 60 minutes. Please note that the default 45 minute value is only for Spaces, since this value is pre-set in the Spaces, web.xml. In addition, it is strongly recommended that the time out value be set to be as low as possible. Otherwise, the server may exhibit resource issues.

Add Your Comment