[Factory Configuration] How to change the session timeout in Factory Configuration
Forge component by OutSystems R&D
Published on 11 Sep 2020

How to change the session timeout in Factory Configuration

The session timeout is the period of time that a session can remain idle, without any end-user interaction, before the Platform Server ends the session automatically. OutSystems uses the session mechanisms to manage its sessions.

To change the session timeout in OutSystems on-premises environments you must add a custom configuration at the level of the IIS application server. Follow this link for more information.

To change the session timeout in OutSystems cloud-hosted environments follow these steps:

  1. In the Shared Configurations tab create a new Shared Configuration with the following details:

    Name SetSessionTime

    Kind: web.config_XSL


    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
       <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
       <xsl:template match="@*|node()">
               <xsl:apply-templates select="@*|node()"/>
    <xsl:template match="configuration/system.web[not(sessionState)]">
       <xsl:apply-templates select="@*|node()"/>
                  <sessionState timeout="60"/>
       <xsl:template match="/configuration/system.web/sessionState">
               <xsl:attribute name="timeout">60</xsl:attribute>
               <xsl:apply-templates select="@*|node()"/>
  2. In the eSpaces tab select the eSpaces that will have the new timeout duration and associate the shared configuration with them.

  3. Republish the eSpaces to generate the updated web.config files with the new timeout value.

  4. Wait for the existing sessions to expire (with the old timeout value) or cleanup the browser cookies before testing it.

Note: it is necessary to apply this configuration in all modules, otherwise the session timeout will not deterministic between the multiple modules.

Rank: #64

Great Help , I managed to change this in machine.config ..before reading this article.



Rank: #23531

Is this for .NET only, correct? Could you show me the value for J2EE?

Rank: #756

Does the shared config need to be associated with all the modules of the application? Or, only on the module that contains the login action?

Rank: #11902

Hi there,

May I ask, for the timeout attribute, what is the time unit? Is it second or minute?


Andy Y

Rank: #6049


I followed these steps but when I try to republish all my espaces I can see errors saying: "Shared Configuration '%s' is invalid and will be ignored.".

Anyone knows what might be the cause for this?



Great help for all us. Thank you very much, I was looking for this.

Rank: #1208

Does this also work for Reactive web?

Rank: #20

Hi Wannes,

Reactive apps work a little bit different, check this article (it only mentions mobile but we'll change it to say Mobile and Reactive, as they work in the same way).

Tiago Simões 

Rank: #4604

Hi Tiago,

Your solution changes the timeout on all applications that are running on the environment. Is there a way to change the timeout for only 1 application?



Rank: #20

Hi Kevin,

I don’t think there is, as all apps have a single sign on. 


Tiago Simões 

Rank: #930

I have tried to extend session timeout to be 45mins and applied it to my application module,

Unfortunately, it failed and kept as default 30 mins for session timeout.

May you advise what wrong i made?

My application is reactive web application.

Rank: #756

@Jessica Lee, 

For reactive apps, the settings can be found in ServiceCenter > Administration > Security, as mentioned in the documentation below.


Rank: #930

Thank all with response.

I have also tried to update the 'Max Idle time' to be 10 mins...but still not works for my reactive web apps.

Any ideas?

I have used 'IDP' forge to authenticate with ADFS and then redirect into my reactive web apps. Any impact to apply session timeout?