<-- Back

What is the difference between a sign out action and a session timeout

Introduction

In the Mendix Platform, a session can terminate in two primary ways: an explicit "Sign Out" action initiated by the user, or an automatic "Session Timeout" due to inactivity. While the triggers for these events are different, the Mendix Runtime utilizes the exact same underlying logic to clean up resources, delete the session, and handle uncommitted data.

Environment

Applications hosted in any deployment type

Details

The core cleanup process is identical for both scenarios. When a session is terminated, the runtime deletes the session from the database, clears it from the session cache of the current node, and removes any objects that were auto-committed during that session but never explicitly committed.

1. Sign out action

A sign-out is an explicit event triggered directly by a user (e.g., via a "Sign Out" button or a microflow activity).

  • Execution: The runtime attempts to destroy the session immediately.
  • The "In-Use" check: Before deletion, the system checks if there are still active threads (running microflows or actions) associated with this session.
    • If the session is not in use, it is deleted immediately from the database and cache.
    • If the session is in use (e.g., a background process is still running), the session is marked as "non-interactive". This prevents the user from starting any new requests. The actual deletion is deferred until the next time the cluster leader performs its periodic session cleanup (based on the ClusterManagerInterval), provided the active threads have finished by then.

2. Session Timeout:  

A session timeout is an implicit event managed by the Mendix cluster leader node.

  • Trigger: A session expires when the time elapsed since its LastActive attribute exceeds the SessionTimeout setting (default is 10 minutes).
  • Execution: The cluster leader identifies expired sessions periodically based on the ClusterManagerInterval.
  • Process: Once an expired session is identified, the cluster leader performs the exact same cleanup actions as a manual logout. It checks if the session is still "in use" on any node in the cluster (using the LastActionExecution attribute) to ensure it is safe to delete.

To coordinate the cleanup safely, especially in clustered environments, Mendix tracks two specific timestamps:

  • LastActive: This determines when a session is eligible to expire. It is updated in-memory whenever a new request or a "keep-alive" is received. To reduce overhead, these updates are collected and committed to the database periodically by a scheduled task called SessionKeepAliveUpdateAction.
  •  LastActionExecution: This determines if a session can be safely deleted. It is updated periodically (at the SessionKeepAliveUpdatesInterval) by any node currently executing a thread for that session. Even if a user signs out or a session expires, the Runtime will not delete the session data as long as LastActionExecution indicates the session is still busy.

Internal information related

  • 272993
  • C3T260XGA/p1772613705860359

Additional information

Mendix documentation:

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.

To provide feedback, please open a ticket here. Don't forget to include the article's URL along with the feedback you would like to provide.