You are viewing limited content. For full access, please sign in.

Question

Question

Webaccess timout session

asked on December 5, 2013

hi,

 

How to configure the time out in webaccess to automatically loging out a user who did not do any action in webaccess for 3 minutes?

 

Thanks,

Dory

 

0 0

Answer

APPROVED ANSWER
replied on December 5, 2013

There is a parameter in the web.config file under ..\Web Access\Web Files that governs the session timeout. If you want your session to time out in 3 minutes, replace the parameter with "3" (the default is 30 minutes). 

<sessionState timeout="3"/>

If you didn't alter the default IIS app pool time out and recycle settings, then you are done.

 

To check if you have altered the IIS settings, open the IIS Manager, select WebAccessAppPool, right-click and hit "Advanced Settings". Under Process Model, "Idle Time-out" should be set at 30 minutes and under Recycling, "Regular Time Interval" should be set at 1740 minutes. Note that the IIS settings will take precedence over the <sessionState timeout> parameter in the web.config. 

 

I would advise that you make changes to the <sessionState timeout> parameter in web.config and leave the IIS settings at their default.

4 0
replied on December 5, 2013

is this something i can do for LF Forms? I was wondering about timeout sessions lengths

0 0
replied on December 5, 2013

The app pool timeout and session timeout control different things.  The UI for sessionState is under "Session State" in the ASP.NET section.

1 1
replied on May 15, 2014

The Web Access 9.1 Installation Guide doesn't mention this. Instead, it mentions this:

 

Configuring Session Timeouts
The Laserfiche Authentication Service's default session timeouts for public and private profiles can be modified. For example, if you want the public profile to maintain a connection for 25 minutes instead of 15, you can configure this in the service's settings.
To modify a session timeout period
1. Navigate to <Installation Directory>\Laserfiche\Laserfiche Authentication Service 9.1
2. Open LfAuthenticationServiceHost.exe.config in a text editor.
3. Look for
<add key="PublicTimeout" value="900000"/>
<add key="PrivateTimeout" value="28800000"/>

 

Which setting should I use?

I've I changed what was in the guide, but I still see sessions from WA with "inactive duration" longer than what I set in the Admin Console.

 

Please advise.

0 0
replied on May 15, 2014

Kenny, those settings are for expiring cookies that can re-authenticate a user whose session has timed out.  Mike's answer is still correct for this question.

 

The description you've quoted is not accurate; I'll bring that to UE's attention.

1 0
replied on May 15, 2014

That makes sense. 

 

Thanks for requesting the adjustment. I'd also like to ask you tell UE to include the sessionState web.config change, since that is what I expected to find.

 

Thanks for clearing that up!

0 0
replied on March 27

Why would we set Recycling to an interval of 1740 minutes?

Wouldn't that cause it to recycle at random times? I don't think it is safe to recycle during use in my experience it has a huge performance impact and causes sessions to be lost.

0 0
replied on March 27

That's an ancient post which seems to say "IIS's default for recycling app pools is every 29 hours (or every 1740 minutes)" in a weird way.

0 0
replied on March 28

Ok, probably best to remove this on a production server.

0 0

Replies

replied on December 5, 2013

Mike's answer is correct, but please be sure this is something you really want to do.  Three minutes is a very short time and having the session end results in: re-authentication required, searches needing to be re-run, and potentially lost work (unsaved changes).  There's definitely a downside to this, so make sure there is a benefit that outweighs it.

3 0
replied on December 5, 2013

thx

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.