The Session Timer feature provides the user with a countdown window when their session is about to expire and gives them an opportunity to Renew Session to continue working before the session expires.
Session Expiration Warning
The Countdown window will appear a specified number of seconds before the session ends. If the user clicks Renew Session prior to the session expiring they may continue their work on the current page.
Configuring Session Timer Countdown Window
The Session Timer countdown window will appear a certain number of seconds prior to the actual expiration to give the user time to Renew Session before expiration. The interval for when the countdown screen appears is defaulted to 60 seconds and is configurable via the Admin Settings > Settings Item page. You may update the value of the key "SessionTimerCountdown" to the number of seconds you require.
Configuring the Login Token Timeout
When a user logs into the Cireson Portal and checks the Remember Me checkbox a login token (which is a hash of the user's credentials) is created, encrypted, and securely stored in a cookie on the local computer for that particular browser. When the user accesses the Cireson Portal in the future rather than prompting the user for the user's credentials, the token is sent to the web server. Unless the user deletes this cookie it can be used to login until the cookie timeout expires. At that point the user will be required to reenter the credentials using forms authentication and can optionally choose Remember Me again to create a new token.
The timeout duration of the token cookie is configured in the Settings Item (KB1327) page using the "UserTokenExpirationMinutes" value.
By default the value (RememberMeExpirationDays) is 365 days.
By default the value (UserTokenExpirationMinutes) is 60 minutes. The duration must be an integer value between 1 and 1440. Setting a value outside of this range will cause the login to the Portal to fail if using Forms Authentication.
Note: If the user's password changes in Active Directory the user will be prompted to provide the new password.
Configuring the System Center Service Manager Connection Object Timeout
Whenever a user logs into the Cireson Portal via either Forms Authentication or Windows Integrated Authentication (KB2349) an object is created in memory that stores a cache of data from SCSM and a connection. This object is called an EnterpriseManagementGroup object for those that are familiar with the inner workings of SCSM. This object is stored in memory for quick access and reuse. Whenever the connection object is needed, the Cireson Portal web site checks to see if an existing connection object exists in memory for that user. If there is a connection object in memory for that user, it will use that connection. If there is no active connection object in memory, a new connection object will be created. This can take a few seconds because the SCSM SDK library is caching some information into the connection object from the SCSM server. This connection object has a limited lifespan so that the memory it is utilizing can be freed up when it is not being used.
The timeout duration of the token cookie is configured in the Settings Item (KB1327) page using the "ServiceManagerInactivityTimeoutMinutes" value.