Automatic log out on session time out

Automatic log out on session time out

  
Is there a way in which user is redicted to login page of application after session time out?That is user has not done any activity on the page for say 20 minutes( as set in machine config and IIS server for session tme out), an next time when user clicks on page, it should take user to login page.

Hi priyanka mathur.

First you need to define roles and set them to the webscreens that need special permissions to access.
I assume that this is already done.
Next you need a flow to handle exceptions such as "Invalid Login". 
This means that when a user does not have permission (or is not logged in) to access a page an exception will be raized. 
In the flow you created for error handling all you need to do is redirect the user to login page when ever "Invalid Login" exception is raized.
Here is some more information: http://www.outsystems.com/help/servicestudio/9.0/Managing_Exceptions/Security_Exception.htm

I case you have problems setting the timeout for session here is a thread to help: https://www.outsystems.com/forums/discussion/15250/session-time-out-automatically/

Best Regards
Rodrigo Henriques
Hi Rodrigo,
Thanks for sharing the links.However, i wanted to know if outsystems has inbuilt support to auto log off user when user is inactive\idle .
i have proper permissions and roles set up, which redirect to invalid login if user is not registeres or do not have defined role for the page.However i want for all registered users to login again if they have been idle for more than 5 minutes on the application.
This is one of the basic security requirment for any PHI application .
Hi priyanka mathur,

The answer for your question is on the second link i sent earlyer
             ( https://www.outsystems.com/forums/discussion/15250/session-time-out-automatically ).

Tiago Neves says the following.
    The default value for the session time-out depends on the application server:
    .NET: 20 minutes and this value can be configured in machine.config file;
    J2EE: 60 minutes and this value can be configured in /etc/.java/.systemPrefs/outsystems/prefs.xml file.

The timeout is not defined by OutSystems but by your application server.

Hope this answers your question.

Best regards

Rodrigo Henriques