Session timeout
A session timeout is a safeguard against sensitive data remaining visible when a screen has been left unattended for a defined duration.
Follow these steps to set up a session timeout in Journey Brokers.
Ensure the Session timeout in Journey Manager's Security Manager is set to the desired duration.
- Log into Journey Manager and go to Security > Security Managers.
- Select your security manager from the list.
- On the Security Manager tab, select the desired Session timeout value.
- Click Save.
Set the appDef.idleTime in transact-config.json to be slightly longer than the timeout selected in Journey Manager. For example, if you selected 30 minutes as the Session timeout in Journey Manager, set the idleTime to at least 31 minutes. This will ensure that if both the application and Journey Manager session have been idle for the same amount of time, the app will check the JM session just after it has ended.
Info: The idleTime value is specified in milliseconds. For example, the value for an idleTime of 31 minutes is 1860000 (= 31 * 60 * 1000).
Each time the application is left idle (that is, without interaction) for the defined idleTime, Journey Brokers checks Journey Manager for a connected session. If the session time in Journey Manager has elapsed, the application logs out, presenting the login screen to the user.
Session Timeout User Warning (optional)
In addition to the idleTime setting in transact-config.json, you also have the option (starting from the 24.04 release) to set an idleTimeWarning setting. Like the idleTime, this setting is specified in milliseconds.
Once the idle warning time specified by idleTimeWarning has been reached, a Snack message is displayed to the user, warning them that their session is about to expire. The user must do something to refresh their session in order to not be logged out; for example, refresh the current page.
Info: Dismissing the warning Snack message is not enough to reset the session idle time.
Logout Redirect
The redirectLogoutUrl config property allows you to specify a URL to be directed to when the logout button is clicked. An example is shown below.
Sample idleTimeWarning settings
The example config below assumes a session logout time of 15 minutes has been specified in JM (see previous section).
    "appDef": {
      "name": "Workspaces 24.04",
      "formCode": "workspaces-24-04",
      "clientCode": "workspaces",
      "idleTime": 960000,
      "idleTimeWarning": 840000,
      "redirectLogoutUrl": "https://www.npmjs.com/"
    }
As per the previous section, the idleTime is set to 16 minutes (960,000 ms), which is one minute later than the server session timeout. So, we set idleTimeWarning to 14 minutes (840,000 ms), which is one minute before the server session timeout.
You can experiment with which idleTimeWarning setting works for you, but we recommend that you do not set it to any value less than one minute before the server session time.
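The timing rules above can be checked mechanically before a config is deployed. The following is an added example, not part of the product or its documentation; the function name checkSessionTimeouts and the sample inputs are assumptions, and it reads the recommendation as "the warning fires at least one minute before the server session timeout".

```javascript
// Added example: lint appDef timing values against the Journey Manager session timeout.
const MINUTE_MS = 60 * 1000;

// Returns an array of findings; an empty array means the values are consistent.
// jmTimeoutMinutes is the Session timeout selected in the Security Manager.
function checkSessionTimeouts(appDef, jmTimeoutMinutes) {
  const findings = [];
  const serverMs = jmTimeoutMinutes * MINUTE_MS;
  const { idleTime, idleTimeWarning } = appDef;

  if (!Number.isInteger(idleTime) || idleTime <= 0) {
    findings.push("idleTime must be a positive integer number of milliseconds");
    return findings;
  }
  // A value entered in minutes (16 instead of 960000) is also caught here.
  if (idleTime <= serverMs) {
    findings.push(`idleTime ${idleTime} ms is not longer than the server timeout ${serverMs} ms`);
  }
  if (idleTimeWarning === undefined) return findings; // the warning is optional

  if (!Number.isInteger(idleTimeWarning) || idleTimeWarning <= 0) {
    findings.push("idleTimeWarning must be a positive integer number of milliseconds");
  } else if (idleTimeWarning > serverMs - MINUTE_MS) {
    findings.push(`idleTimeWarning ${idleTimeWarning} ms leaves less than one minute before the server timeout`);
  }
  return findings;
}

// Constructed sample inputs (only the timing keys are included).
const pageSample = JSON.parse('{"appDef": {"idleTime": 960000, "idleTimeWarning": 840000}}');
const minutesByMistake = JSON.parse('{"appDef": {"idleTime": 16, "idleTimeWarning": 14}}');
const lateWarning = JSON.parse('{"appDef": {"idleTime": 960000, "idleTimeWarning": 890000}}');

for (const sample of [pageSample, minutesByMistake, lateWarning]) {
  console.log(JSON.stringify(sample.appDef), "->", checkSessionTimeouts(sample.appDef, 15));
}
```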