Session Expiration Time
Each session is timed to a specific interval during which if the user presents no inactivity, the Studio/Portal will expire. To set the session timing, the key core-setting-tokenExpiresIn is used and it functions with a specific time syntax. The availability time frame when working inside the Studio and Portal is set using the following syntax d/day/days m/min/minutes h/hour/hours s/sec/seconds. For example, it is possible to set:
- 3 d 5 h
- 3 days 5 hours 3 minutes 20 seconds
- 3 d/days 5 h 3 m/min 20 s/sec
The default value is 20 minutes.
The necessarily changes are made in the web.config. If core-setting-tokenExpiresIn is not found in the config, the legacy appSetting TokenExpiresIn is loaded.
How to set the time for when the Portal/Studio should log out the user:
<add key="core-setting-tokenExpiresIn" value="2d 12h 3m 5s"/>
<add key="core-setting-tokenExpiresIn" value="600"/> <!--seconds-->
<add key="TokenExpiresIn" value="1200" />
<add key="TokenExpiresIn" value="1h30min" />
OTP Login Session
The OTP login session expiry time can be configure in the web.config file. It is done as follows:
<multiFactorAuthentication xmlns="http://fintechos.com/ebs/schemas/multiFactorAuthentication" enabled="true" otpTimeout="120">
The otpTimeout attribute is configured in seconds. The default value is 300 seconds. If a negative value is inserted, then it defaults to 300 seconds.