Session Expiration Time

Each session is timed to a specific interval during which if the user presents no inactivity, the Studio/Portal will expire. To set the session timing, the key core-setting-tokenExpiresIn is used and it functions with a specific time syntax. The availability time frame when working inside the Studio and Portal is set using the following syntax d/day/days m/min/minutes h/hour/hours s/sec/seconds. For example, it is possible to set:

  • 3 d 5 h
  • 3 days 5 hours 3 minutes 20 seconds
  • 3 d/days 5 h 3 m/min 20 s/sec

The default value is 20 minutes.

The necessarily changes are made in the web.config. If core-setting-tokenExpiresIn is not found in the config, the legacy appSetting TokenExpiresIn is loaded.


OTP Login Session

The OTP login session expiry time can be configure in the web.config file. It is done as follows:

<multiFactorAuthentication xmlns="" enabled="true" otpTimeout="120">

The otpTimeout attribute is configured in seconds. The default value is 300 seconds. If a negative value is inserted, then it defaults to 300 seconds.