What happen to the automatic log off?

When the login user is not active more than 10 minutes on the Mendix client, the platform will automatic kick this user-session out due to the security reason. This is how it works in version 2.3.x Does anyone know why I can stay log in the platform all day without doing anything on the client? Is this a new feature in 2.4.x? Or can I configure the session time-out in the application.conf? That will be great, because every customer has difference security policy :)
4 answers

The behaviour of session timeouts should be the same in 2.4.x as it was in 2.3.x. When a user has signed in and the browser with the Mendix application running is not closed, the browser will send keep-alives which will prevent session timeouts. If the browser is closed the session will expire after ten minutes causing the user to be logged out.


Hi Panayu,

I just ran a 2.4.3 version of the platform and in this version the behaviour is exactly the same as I described above. If the browser is not closed keepalives will be sent which prevent the user's session from timing out.

This should not be any different for your client. If he/she really experiences problems, you could file an incident into MXDN with the Mendix version, deployment configuration and used browser(s) specified, such that we can try to reproduce the situation.


So if the browser is not close and user is inactive, the system will keep session alive? As I have noticed in 2.3.x or previous version, platform will delete session after 10 minutes while browser is open and user inactive.

Please check the difference for me, because our customer already experience the automatic log-out in version 2.3.x and now we are upgrading to 2.4.x. And the customer complain that the automatic log-out is gone. The automatic log-out help them utilize the amount of the concurrent user on server.


How can i automate enum values to run in back ground that is without any button