[Factory Configuration] How to change the session timeout in Factory Configuration

Forge Component
(25)
Published on 11 Sep by OutSystems R&D
25 votes
Published on 11 Sep by OutSystems R&D

How to change the session timeout in Factory Configuration


The session timeout is the period of time that a session can remain idle, without any end-user interaction, before the Platform Server ends the session automatically. OutSystems uses the session mechanisms to manage its sessions.

To change the session timeout in OutSystems on-premises environments you must add a custom configuration at the level of the IIS application server. Follow this link for more information.

To change the session timeout in OutSystems cloud-hosted environments follow these steps:

  1. In the Shared Configurations tab create a new Shared Configuration with the following details:

    Name SetSessionTime

    Kind: web.config_XSL

    Value:

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
       <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
       <xsl:template match="@*|node()">
           <xsl:copy>
               <xsl:apply-templates select="@*|node()"/>
           </xsl:copy>
       </xsl:template>
    <xsl:template match="configuration/system.web[not(sessionState)]">
        <system.web>
       <xsl:apply-templates select="@*|node()"/>
                  <sessionState timeout="60"/>
     </system.web>
    </xsl:template>
       <xsl:template match="/configuration/system.web/sessionState">
           <xsl:copy>
               <xsl:attribute name="timeout">60</xsl:attribute>
               <xsl:apply-templates select="@*|node()"/>
           </xsl:copy>
       </xsl:template>
    </xsl:stylesheet>
  2. In the eSpaces tab select the eSpaces that will have the new timeout duration and associate the shared configuration with them.

  3. Republish the eSpaces to generate the updated web.config files with the new timeout value.

  4. Wait for the existing sessions to expire (with the old timeout value) or cleanup the browser cookies before testing it.


Note: it is necessary to apply this configuration in all modules, otherwise the session timeout will not deterministic between the multiple modules.

Great Help , I managed to change this in machine.config ..before reading this article.


Regards

-PJ-

Is this for .NET only, correct? Could you show me the value for J2EE?

Does the shared config need to be associated with all the modules of the application? Or, only on the module that contains the login action?

Hi there,


May I ask, for the timeout attribute, what is the time unit? Is it second or minute?


Regards,

Andy Y

Andy Yan wrote:

Hi there,


May I ask, for the timeout attribute, what is the time unit? Is it second or minute?


Regards,

Andy Y

It is minuets.


Jonathan Lui wrote:

Does the shared config need to be associated with all the modules of the application? Or, only on the module that contains the login action?

To all modules of the application.


Hi,

I followed these steps but when I try to republish all my espaces I can see errors saying: "Shared Configuration '%s' is invalid and will be ignored.".

Anyone knows what might be the cause for this?

Thanks,

Ricardo.

Ricardo Pedroso wrote:

Hi,

I followed these steps but when I try to republish all my espaces I can see errors saying: "Shared Configuration '%s' is invalid and will be ignored.".

Anyone knows what might be the cause for this?

Thanks,

Ricardo.


I am also seeing the same message in the logs while trying to publish an eSpace that I have just applied the Shared Configuration to. I have followed the exact steps in this "How to", copied/pasted the xml in the example into FactoryConfiguration.

Mark Stuart wrote:

Ricardo Pedroso wrote:

Hi,

I followed these steps but when I try to republish all my espaces I can see errors saying: "Shared Configuration '%s' is invalid and will be ignored.".

Anyone knows what might be the cause for this?

Thanks,

Ricardo.


I am also seeing the same message in the logs while trying to publish an eSpace that I have just applied the Shared Configuration to. I have followed the exact steps in this "How to", copied/pasted the xml in the example into FactoryConfiguration.

Check if the indentation of the Shared Configuration is using 'tabs'. If so, try to replace the 'tabs' with 'spaces' and republish the eSpaces to generate the updated web.config files.


Great help for all us. Thank you very much, I was looking for this.

Does this also work for Reactive web?

Hi Wannes,

Reactive apps work a little bit different, check this article (it only mentions mobile but we'll change it to say Mobile and Reactive, as they work in the same way).

Cheers,
Tiago Simões 

Hi Tiago,


Your solution changes the timeout on all applications that are running on the environment. Is there a way to change the timeout for only 1 application?


Regards


Kevin

Hi Kevin,

I don’t think there is, as all apps have a single sign on. 

Cheers,

Tiago Simões 

I have tried to extend session timeout to be 45mins and applied it to my application module,

Unfortunately, it failed and kept as default 30 mins for session timeout.

May you advise what wrong i made?

My application is reactive web application.


@Jessica Lee, 

For reactive apps, the settings can be found in ServiceCenter > Administration > Security, as mentioned in the documentation below.

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Configure_App_Authentication#configure-app-authentication-settings 



Jonathan Lui wrote:

For reactive apps, the settings can be found in ServiceCenter > Administration > Security, as mentioned in the documentation below.

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Configure_App_Authentication#configure-app-authentication-settings 



 Reactive and Mobile: "Applies only to Mobile Apps and Reactive Web Apps" 

 

Miguel Verdasca wrote:

Jonathan Lui wrote:

For reactive apps, the settings can be found in ServiceCenter > Administration > Security, as mentioned in the documentation below.

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Configure_App_Authentication#configure-app-authentication-settings 



 Reactive and Mobile: "Applies only to Mobile Apps and Reactive Web Apps" 

 

 Yeah, that was a reply to the poster directly above me, whose app is a reactive app.

 

Thank all with response.

I have also tried to update the 'Max Idle time' to be 10 mins...but still not works for my reactive web apps.

Any ideas?


I have used 'IDP' forge to authenticate with ADFS and then redirect into my reactive web apps. Any impact to apply session timeout?