I would like to fix an hard session timeout.
When a user login in the application, the session has a hard limit of (e.g.) 20 minutes. Whatever the user is doing during this period, when 30 minutes is reached I need to be able to invalidate the Portal session.
My question is where should I start to invalidate the portal session. The Object PortalSession does not expose the HttpSession.
You dont need access to HttpSession. When Portlet Session is invalidated, corresponding Http Session for the user is also invalidated i believe.