diff --git a/server/configs/application.properties b/server/configs/application.properties
index 9f405cb8d7..c809a9a41e 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -7,9 +7,13 @@ server.port=@@serverPort@@
 #server.ssl.key-alias=my_selfsigned
 #server.ssl.key-store=/path/to/key-store-file
 #server.ssl.key-store-password=pwd
-#server.ssl.key-store-type=key-store-type
+# Typically either PKCS12 or JKS
+#server.ssl.key-store-type=PKCS12
 #server.ssl.ciphers=ciphers
 
+# HTTP-only port for servers that need to handle both HTTPS (configure via server.port and server.ssl above) and HTTP
+#context.httpPort=8080
+
 context.dataSourceName[0]=jdbc/labkeyDataSource
 context.driverClassName[0]=@@jdbcDriverClassName@@
 context.url[0]=@@jdbcURL@@
@@ -84,9 +88,12 @@ mail.smtpUser=@@smtpUser@@
 
 #useLocalBuild#spring.devtools.restart.additional-paths=@@pathToServer@@/build/deploy/modules,@@pathToServer@@/build/deploy/embedded/config
 
-# Make management endpoints accessible with LabKey at ROOT context path
-server.servlet.context-path=/actuator
-management.endpoints.web.base-path=/
+# HTTP session timeout for users - defaults to 30 minutes
+#server.servlet.session.timeout=30m
+
+## Make management endpoints accessible with LabKey at ROOT context path
+#server.servlet.context-path=/actuator
+#management.endpoints.web.base-path=/
 #Enable shutdown endpoint
 management.endpoint.shutdown.enabled=true
 # turn off other endpoints
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
index cc02638d2b..3e2a1a167f 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -1,5 +1,6 @@
 package org.labkey.embedded;
 
+import org.apache.catalina.connector.Connector;
 import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.loader.WebappLoader;
 import org.apache.catalina.startup.Tomcat;
@@ -17,6 +18,7 @@
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
 import org.springframework.boot.web.embedded.tomcat.TomcatWebServer;
+import org.springframework.boot.web.servlet.ServletContextInitializer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.validation.annotation.Validated;
@@ -111,7 +113,7 @@ public JsonAccessLog jsonAccessLog()
     @Bean
     public TomcatServletWebServerFactory servletContainerFactory()
     {
-        return new TomcatServletWebServerFactory()
+        var result = new TomcatServletWebServerFactory()
         {
             @Override
             protected TomcatWebServer getTomcatWebServer(Tomcat tomcat)
@@ -145,9 +147,15 @@ protected TomcatWebServer getTomcatWebServer(Tomcat tomcat)
                         webAppLocation = contextProperties.getWebAppLocation();
                     }
 
+                    tomcat.setAddDefaultWebXmlToWebapp(false);
+
                     // tomcat requires a unique context path other than root here
                     // can not set context path as "" because em tomcat complains "Child name [] is not unique"
                     StandardContext context = (StandardContext) tomcat.addWebapp("/labkey", webAppLocation);
+
+                    // Propagate standard Spring Boot properties such as the session timeout
+                    configureContext(context, new ServletContextInitializer[0]);
+
                     CSPFilterProperties cspFilterProperties = cspSource();
 
                     if (cspFilterProperties.getEnforce() != null)
@@ -443,6 +451,18 @@ private ContextResource getMailResource()
                 return mailResource;
             }
         };
+
+        var contextProperties = contextSource();
+
+        if (contextProperties.getHttpPort() != null)
+        {
+            Connector httpConnector = new Connector();
+            httpConnector.setScheme("http");
+            httpConnector.setPort(contextProperties.getHttpPort());
+            result.addAdditionalTomcatConnectors(httpConnector);
+        }
+
+        return result;
     }
 
     private static void extractExecutableJar(String destDirectory, String jarFilePath)
@@ -668,6 +688,7 @@ public static class ContextProperties
         private String requiredModules;
         private boolean bypass2FA = false;
         private String serverGUID;
+        private Integer httpRedirectorPort;
         private Map<Integer, String> maxTotal;
         private Map<Integer, String> maxIdle;
         private Map<Integer, String> maxWaitMillis;
@@ -816,6 +837,16 @@ public void setBypass2FA(boolean bypass2FA)
             this.bypass2FA = bypass2FA;
         }
 
+        public Integer getHttpPort()
+        {
+            return httpRedirectorPort;
+        }
+
+        public void setHttpRedirectorPort(Integer httpRedirectorPort)
+        {
+            this.httpRedirectorPort = httpRedirectorPort;
+        }
+
         public String getServerGUID()
         {
             return serverGUID;