<-- Back

Sessions not removed after SessionTimeout

Issue

Users remain logged into the application even after several hours of inactivity. The session has been inactive for more time than the SessionTimeout and ClusterManagerActionInterval combined, but it is not removed. 

Environment

Applications hosted in any deployment type

Cause

The session timeout functionality is not working because the affected users were (incorrectly) configured with the WebServiceUser attribute set to true. 

Solution/Workaround

The runtime's session cleanup mechanism specifically excludes users with WebServiceUser=true from the session timeout process. Specifically:

The runtime cleans up sessions users based on:

  1. The LastActive (on the session) is older than now() - session timeout
  2. The user is not a WebServiceUser
  3. The user has no running actions

To resolve this issue, check and correct the WebServiceUser flag:

  1. Identify all users with WebServiceUser = true that should be regular users
  2. Update these users by setting WebServiceUser = false

Internal information related

  • 249836
  • C3T260XGA/p1681866770989489

Additional information 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.

To provide feedback, please open a ticket here. Don't forget to include the article's URL along with the feedback you would like to provide.