Session Expiration Time

Each session is timed to a specific interval during which if the user presents no inactivity, the Studio/Portal will expire. To set the session timing, the key core-setting-tokenExpiresIn is used and it functions with a specific time syntax. The availability time frame when working inside the Studio and Portal is set using the following syntax d/day/days m/min/minutes h/hour/hours s/sec/seconds. For example, it is possible to set:

  • 3 d 5 h
  • 3 days 5 hours 3 minutes 20 seconds
  • 3 d/days 5 h 3 m/min 20 s/sec

The default value is 20 minutes.

The necessarily changes are made in the web.config. If core-setting-tokenExpiresIn is not found in the config, the legacy appSetting TokenExpiresIn is loaded.

How to set the time for when the Portal/Studio should log out the user:

Copy 
<add key="core-setting-tokenExpiresIn" value="2d 12h 3m 5s"/>
<add key="core-setting-tokenExpiresIn" value="600"/> <!--seconds-->
<add key="TokenExpiresIn" value="1200" />
<add key="TokenExpiresIn" value="1h30min" />
 

OTP Login Session

The OTP login session expiry time can be configure in the web.config file. It is done as follows:

Copy 
<multiFactorAuthentication xmlns="http://fintechos.com/ebs/schemas/multiFactorAuthentication" enabled="true" otpTimeout="120">
 

The otpTimeout attribute is configured in seconds. The default value is 300 seconds. If a negative value is inserted, then it defaults to 300 seconds.