EnableKeepAlive causing multiple Active Sessions per user

0
Hi

When we first deployed our app, users were complaining that it would log them out too often, so we set EnableKeepAlive to true and set a large SessionTimeout value to ensure users could stay logged in throughout the day.

However, we have had some reports from users saying that they never had to log in, which we deemed as a security risk, so we have now set EnableKeepAlive to false and SessionTimeout to 43200000 (12 hours). However, looking at Active Sessions within the application, it looks as if both before and after these changes were made the system is not cleaning up sessions. There are currently over 1800 'Active' sessions, with users having multiple. Some of these multiple sessions are within the same day as each other.

We have SSO enabled via SAML and clicking logout redirects to /SSO/logout; however, it seems like the session isn't ended and they also aren't cleaned up by the system.

Is there something we can add in runtime to ensure these sessions are removed after SessionTimeout has been reached?

Thanks
Grant
asked
1 answers
1

Dear Grant,

Why is this an issue? It may be due to the points below:

  1. The remember me option is not set to true, so a session is created every time the application is closed and opened.
  2. SessionTimeout never reaches the limit, as some small activities update the session's last active.


How you can achieve the use case:

  1. Use the remember me option to reuse the available session instead of creating a new one.
  2. Use AbsoluteSessionTimeout instead of SessionTimeout. It works on the session created time, not on activity.
  3. Create custom logic (a microflow) which deletes sessions older than 12 hours, and call it as the home page or in a scheduler.


If required let's schedule a call to discuss.


Hope my answer helps. Reach out to me with any queries.

answered
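
The difference between an idle timeout and an absolute timeout, and the scheduled cleanup suggested in the answer, shown as an added Python model (not Mendix code and not part of the original thread). It assumes keep-alive requests refresh a session's last-active timestamp, as the answer describes; the `Session` class, the function names, the sample sessions and the 12-hour absolute cap are all constructed for illustration.

```python
from dataclasses import dataclass

HOUR_MS = 3_600_000
IDLE_TIMEOUT_MS = 43_200_000      # SessionTimeout value from the question (12 h)
ABSOLUTE_TIMEOUT_MS = 43_200_000  # assumed absolute cap, also 12 h

@dataclass
class Session:  # hypothetical model, not the Mendix session entity
    user: str
    created_ms: int
    last_active_ms: int

def is_expired(s, now_ms, idle_ms=IDLE_TIMEOUT_MS, absolute_ms=None):
    """Expired when idle too long, or (if a cap is set) when too old."""
    if now_ms - s.last_active_ms >= idle_ms:
        return True
    return absolute_ms is not None and now_ms - s.created_ms >= absolute_ms

def sweep(sessions, now_ms, idle_ms=IDLE_TIMEOUT_MS, absolute_ms=None):
    """Split sessions into (kept, removed), as a scheduled cleanup would."""
    kept, removed = [], []
    for s in sessions:
        (removed if is_expired(s, now_ms, idle_ms, absolute_ms) else kept).append(s)
    return kept, removed

def simulate(hours, ping_every_ms=None):
    """Constructed data: one session at t=0, optionally refreshed by keep-alive pings."""
    s = Session("user1", 0, 0)
    end = hours * HOUR_MS
    if ping_every_ms:
        s.last_active_ms = (end // ping_every_ms) * ping_every_ms  # last ping at or before now
    return s, end

def demo():
    results = {}
    pinged, now = simulate(48, ping_every_ms=10 * 60_000)  # browser left open for 2 days
    results["keepalive_idle_only"] = is_expired(pinged, now)
    results["keepalive_with_cap"] = is_expired(pinged, now, absolute_ms=ABSOLUTE_TIMEOUT_MS)
    quiet, now = simulate(13)  # no pings, 13 h of silence
    results["no_keepalive_idle_only"] = is_expired(quiet, now)
    stale = [Session("a", 0, 0), Session("a", 40 * HOUR_MS, 47 * HOUR_MS), pinged]
    kept, removed = sweep(stale, 48 * HOUR_MS, absolute_ms=ABSOLUTE_TIMEOUT_MS)
    results["kept_users"] = [s.user for s in kept]
    results["removed_count"] = len(removed)
    return results

if __name__ == "__main__":
    print(demo())
```

With only the idle check, the session that keeps receiving pings is still valid after two days; adding the absolute cap expires it, and the sweep removes both it and the abandoned session while keeping the recent one.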