Skip to main content

Tutorial: How to Change the Web Session Timeout

Abstract

With this tutorial, you can change the web session timeout for Access Server's web services.

Overview

When you authenticate to Access Server's Client Web UI (or client web service, CWS) or Admin Web UI (or admin web services, AWS), your session remains active for a set timeframe. You remain signed in while you're actively using the web page, but your session expires if you're inactive for 30 minutes.

You can follow this tutorial to adjust this default 30-minute setting.

Prerequisites

  • An installed Access Server.

  • Console access and the ability to get root access.

Step 1: Check the current setting

From the Admin Web UI:

  1. Sign in to the Admin Web UI.

  2. Click Advanced. (You may need to click Proceed on the caution that displays about adjusting advanced settings.)

    • The Config Editor tab displays.

  3. Enter 'auth.sessiontoken.lifetime' in the search box and hit Enter.

  4. The value displays with the default being 600 seconds.

From the CLI:

  1. Sign in to the console and get root privileges.

  2. See the current setting:

    sacli ConfigQuery | grep -i "auth.sessiontoken.lifetime"

    • If nothing displays, the auth.sessiontoken.lifetime configuration key uses the default value of 600 seconds (10 minutes).

Step 2: Change the web session expiration

From the Admin Web UI:

  1. On the Config Editor tab, click the edit icon for the auth.sessiontoken.lifetime configuration key.

  2. Enter a new Integer value.

  3. Click Save and Restart.

From the CLI:

  • Set the web session inactivity timeout to five minutes:

    sacli --key "auth.sessiontoken.lifetimesa.session_expire" --value "300"1 ConfigPut
sacli start

    1

    You set the auth.sessiontoken.lifetime configuration key to a value in seconds. So, for this example, it's 300 seconds, which is five minutes. Adjust your command to the number of seconds you desire for the session expiration.

Optional: Reset to default value

From the Admin Web UI:

  1. On the Config Editor tab, click the edit icon for the auth.sessiontoken.lifetime configuration key.

  2. Check the box for Default setting.

    • The value reverts to the default of 600 seconds.

  3. Click Save and Restart.

From the CLI:

  • Remove the key so it resets to its default of 10 minutes:

    sacli --key "auth.sessiontoken.lifetime" ConfigDel
sacli start
In this section:

Access Server's web server used by the administrator to configure the VPN server.