Configure Session Timeouts
The Session timeout window is displayed after a period of inactivity.
The warning period determines how long before the popup dialog is shown, while the logout period determines how long before the user is forcibly logged out.
Both settings are expressed in minutes since the last interaction with the server. To disable either feature, the values can be set to 0. The default values result in the warning windows being displayed for 5 minutes. Once a session is ended, the website is automatically redirected to the login page.
If you are using ebs authentication (that is: you log in to either product using an ebs username or email address and password), then there is a further authentication timeout defined in the <authentication mode="Forms"> section.
By default, this is set to 60 minutes. This setting will be considered regardless of whether the session expiry warning box is displayed. Once the expiration time is reached, the user will be redirected to the login page when they next interact with the website. The behaviour of this timeout is to use sliding expiration. This means that if the product is continuously used, the timeout extends so the user remains logged in without needing to re-authenticate. Sliding expiration resets the expiration time if a server request is made and more than half of the timeout interval has elapsed.
For example (assuming the session expiry warning is disabled): if a user logs in at 9am, this feature would log them out at 10am. However, if they use ontrack continuously for 30 minutes and interact with the product at 9.35am, their timeout would be extended to 10.35am.
If you wish to adjust timeout values, do the following:
-
Set the session expiry warning period to be smaller than the session expiry logout period
-
Set the session expiry logout period to half that of the Forms authentication timeout
If the Forms authentication timeout is adjusted, the equivalent Forms timeout in the linked web services web.config file must be set to the same value.
Default values
Setting | Default Values (minutes) |
---|---|
Ontrack SessionExpiryWarningPeriod | 25 |
Ontrack SessionExpiryLogoutPeriod | 30 |
Ontrack Forms authentication timeout | 60 |
Web Services Forms authentication timeout | 60 |
Example of more aggressive timeout policy (force logout after 15 minutes of inactivity)
Setting | Default Values (minutes) |
---|---|
Ontrack SessionExpiryWarningPeriod | 10 |
Ontrack SessionExpiryLogoutPeriod | 15 |
Ontrack Forms authentication timeout | 30 |
Web Services Forms authentication timeout | 30 |
Example of more relaxed timeout policy (force logout after 1 hour of inactivity)
Setting | Default Values (minutes) |
---|---|
Ontrack SessionExpiryWarningPeriod | 55 |
Ontrack SessionExpiryLogoutPeriod | 60 |
Ontrack Forms authentication timeout | 120 |
Web Services Forms authentication timeout | 120 |