Creatio development guide
PDF
This documentation is valid for Creatio version 7.12.0. We recommend using the newest version of Creatio documentation.

Setting user session timeout

Glossary Item Box

Introduction

The procedure for user session timeout setup in bpm’online 7.9.1 and up is different from the earlier versions. In the earlier versions, the user session timeout was specified by configuring application pool in the IIS and editing bpm’online configuration files. Starting with version 7.9.1, session timeouts are set up in the system settings.

Setting user session timeouts for bpm’online 7.9.0 and earlier.

To set up the user session timeout:

1. Set the idle duration on the IIS in the application pool settings.

To do this, select an application (Fig. 1, 1), in the list of application pools (2), select the pool (3) where the application is published. Open advanced settings (4) and set the needed value for the [Idle Time-out (minutes)] parameter (5).

Fig. 1 Setting the idle duration in the IIS application pool settings.

 

2. Modifying the Web.config parameters

Modify the session and authentication parameters in the Web.config files used by the loader and the application (the “internal” and “external” Web.config files).

To modify the session parameter, assign the needed timeout value to the timeout attribute of the sessionState element, which is a subordinate to the system.web element. This value must match the value set in the [Idle Time-out (minutes)] parameter (see item 1).

The authorization parameter is set up in the forms element of the authentication and system.web elements. To modify it, assign a corresponding timeout value in the timeout attribute. The authorization parameter value must be less than the value of the session parameter.

An example of the Web.config setup is available below:

<system.web>
...
  <authentication mode="Forms">
    <forms loginUrl="~/NuiLogin.aspx" protection="All" timeout="59" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="ViewPage.aspx?Id=4e342d5e-bd89-4b79-98e2-22e433122403" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" />
  </authentication>
...
  <sessionState mode="InProc" timeout="60" cookieName="BPMLOADER" />
</system.web>

Setting user session timeouts for bpm’online 7.9.1 and up

Starting with version 7.9.1, session timeouts are set up using the UserSessionTimeout system setting.  The value of this setting contains user session timeout in minutes.

By default the UserSessionTimeout system setting value is 60 minutes. The minimum session timeout is 10 minutes, and the maximum is 720 minutes.

If the system setting is deleted, empty, or otherwise unavailable, the application is still operational. In this case, the timeout value will be taken from the application Web.config session parameter.

Setting the value of the UserSessionTimeout system setting when updating from earlier versions

When updating bpm’online applications version 7.9.0 and earlier, the UserSessionTimeout system setting will be automatically added when the Base package is installed. Default value will be “60”. If the timeout value has been modified earlier, you can edit it manually or use the WorkspaceConsole.

The required WorkspaceConsole parameters for updating the value are available in table 1.  For more information on working with the WorkspaceConsole, please refer to the “Working with WorkspaceConsole” article.

Table 1. WorkspaceConsole settings

Parameter Description
-operation Name of the operation for system value actualization. Use the following value to update system settings: ActualizeUserSessionTimeoutSettingsValue.
-WebApplicationPath Path to the deployed application. Example: "C:\bpmonline79"
-workspaceName Name of the workspace. Default value: Default.
-logPath Paths where the WorkspaceConsole will create log files. Example: "C:\Log".

After running the utility with the specified parameters, the value of session timeout of the UserSessionTimeout system setting will be taken from the application Web.config file. If the timeout specified in the Web.config file is not within the range of acceptable values (less than 10 or more than 720), the specified value will still be assigned to the system setting. At the same time, the SysSettings.config file in the loader will be modified to make the value acceptable. For example, “1000” is specified as the timeout value in the Web.config file:

<sessionState cookieName="BPMSESSIONID" timeout="1000" mode="Custom" customProvider="RedisSessionStore">,

In this case, after WorkspaceConsole executes a command with the parameters specified in table 1, tha value of the system setting will become “1000” and the following will be specified in the SysSettings.config file:

<sysSetting key="UserSessionTimeout" valueType="int" operation="max" value="1000" />

Attention!

If the system setting cannot be found in the database, then it is possible that errors occurred during the update. In this case, WorkspaceConsole operation will result in error as well.

NOTE

After updating the application and setting the UserSessionTimeout system setting value, no additional session timeout setup on the application pool level is required. There is no need to specify authentication timeout as well.

 

© bpm'online 2002-2019.

Did you find this information useful?

How can we improve it?