hi,
How to configure the time out in webaccess to automatically loging out a user who did not do any action in webaccess for 3 minutes?
Thanks,
Dory
There is a parameter in the web.config file under ..\Web Access\Web Files that governs the session timeout. If you want your session to time out in 3 minutes, replace the parameter with "3" (the default is 30 minutes).
<sessionState timeout="3"/>
If you didn't alter the default IIS app pool time out and recycle settings, then you are done.
To check if you have altered the IIS settings, open the IIS Manager, select WebAccessAppPool, right-click and hit "Advanced Settings". Under Process Model, "Idle Time-out" should be set at 30 minutes and under Recycling, "Regular Time Interval" should be set at 1740 minutes. Note that the IIS settings will take precedence over the <sessionState timeout> parameter in the web.config.
I would advise that you make changes to the <sessionState timeout> parameter in web.config and leave the IIS settings at their default.
is this something i can do for LF Forms? I was wondering about timeout sessions lengths
The app pool timeout and session timeout control different things. The UI for sessionState is under "Session State" in the ASP.NET section.
The Web Access 9.1 Installation Guide doesn't mention this. Instead, it mentions this:
Configuring Session Timeouts
The Laserfiche Authentication Service's default session timeouts for public and private profiles can be modified. For example, if you want the public profile to maintain a connection for 25 minutes instead of 15, you can configure this in the service's settings.
To modify a session timeout period
1. Navigate to <Installation Directory>\Laserfiche\Laserfiche Authentication Service 9.1
2. Open LfAuthenticationServiceHost.exe.config in a text editor.
3. Look for
<add key="PublicTimeout" value="900000"/>
<add key="PrivateTimeout" value="28800000"/>
Which setting should I use?
I've I changed what was in the guide, but I still see sessions from WA with "inactive duration" longer than what I set in the Admin Console.
Please advise.
Kenny, those settings are for expiring cookies that can re-authenticate a user whose session has timed out. Mike's answer is still correct for this question.
The description you've quoted is not accurate; I'll bring that to UE's attention.
That makes sense.
Thanks for requesting the adjustment. I'd also like to ask you tell UE to include the sessionState web.config change, since that is what I expected to find.
Thanks for clearing that up!
Why would we set Recycling to an interval of 1740 minutes?
Wouldn't that cause it to recycle at random times? I don't think it is safe to recycle during use in my experience it has a huge performance impact and causes sessions to be lost.
That's an ancient post which seems to say "IIS's default for recycling app pools is every 29 hours (or every 1740 minutes)" in a weird way.
Ok, probably best to remove this on a production server.
Mike's answer is correct, but please be sure this is something you really want to do. Three minutes is a very short time and having the session end results in: re-authentication required, searches needing to be re-run, and potentially lost work (unsaved changes). There's definitely a downside to this, so make sure there is a benefit that outweighs it.
thx