RayFlow Server / Web application
Understanding Time-Out Behavior in a Web Application
In a web application, managing session and login timeouts is crucial for maintaining security and preserving user data. This article provides insights into the timeout behaviors defined in the application's configuration.
1. Session Timeout Configuration
In the web application, the session timeout is governed by the following configuration:
<sessionState timeout="20" />
This configuration specifies the duration for which the user's session is maintained. Once the session expires, the user is not automatically logged out, but the current session state is discarded. After 20 minutes of inactivity, the user is redirected to the Project Timeout page. It's essential to note that any unsaved data at the time of session expiration may be lost. The default timeout value is set to 20 minutes in version 7.4.
A common recommendation is to set the session timeout to around 60 minutes.
2. Login Timeout Configuration
The login timeout is determined by the following authentication configuration:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" cookieless="UseCookies" />
</authentication>
The timeout="2880" attribute defines how long a user remains logged in. If the user is inactive for a duration longer than the specified time (in this case, 2880 minutes or 2 days), they are automatically logged out, and any unsaved data is lost.
A common recommendation is to set the session timeout to around 60 minutes for a balance between security and user experience.
- Browser Closure: Upon closing the browser, a login screen is presented upon reopening. However, if the "Keep me signed in" option is selected during login, the user's login information is retained even after restarting the browser, eliminating the need to re-enter credentials.
- File Uploads: Notably, both session timeout and login timeout configurations do not affect file uploads. Therefore, the upload process can continue uninterrupted, irrespective of the duration of these timeouts.
Understanding and configuring these timeout settings is essential for providing a seamless and secure user experience in the web application. Users and administrators should be aware of the implications, especially concerning data loss and login persistence, to ensure a smooth interaction with the platform.
RayFlow Client
The RayFlow Client offers access to the current Timeout setting in its graphical user interface (GUI). The displayed value represents milliseconds, so the default setting 100000 represents a time-out value of 1 minute and 40 seconds.
Please make sure that this time-out span is not larger than the time-out span settings of the server.
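As an added example (not part of RayFlow or of the original article), the following Python script reads both server timeouts from a web.config, compares each with the 60-minute figure mentioned above, and checks a client time-out given in milliseconds. Assumptions: the 60-minute figure is applied to both settings, the client value is compared with the shorter of the two server timeouts, and the sample document is constructed from the snippets shown in this article.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two snippets from this article inside a minimal web.config.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <sessionState timeout="20" />
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" cookieless="UseCookies" />
    </authentication>
  </system.web>
</configuration>"""

RECOMMENDED_MIN = 60       # the article's "around 60 minutes" figure
SESSION_DEFAULT_MIN = 20   # ASP.NET default if sessionState has no timeout attribute
FORMS_DEFAULT_MIN = 30     # ASP.NET default if forms has no timeout attribute


def _minutes(root, tag, default):
    """Timeout (minutes) of the first <tag> element, or the ASP.NET default."""
    element = next(root.iter(tag), None)
    return default if element is None else int(element.get("timeout", default))


def _versus_recommendation(minutes):
    if minutes == RECOMMENDED_MIN:
        return "at"
    return "above" if minutes > RECOMMENDED_MIN else "below"


def audit(web_config_xml, client_timeout_ms):
    """Report both server timeouts and whether the client value fits under them."""
    root = ET.fromstring(web_config_xml)
    server = {
        "session": _minutes(root, "sessionState", SESSION_DEFAULT_MIN),
        "login": _minutes(root, "forms", FORMS_DEFAULT_MIN),
    }
    report = {name: (mins, _versus_recommendation(mins)) for name, mins in server.items()}
    # Assumption: the client value (milliseconds) is compared with the shorter server timeout.
    report["client_within_server"] = client_timeout_ms / 60000 <= min(server.values())
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_WEB_CONFIG, 100000).items():
        print(key, value)
```

With the values from this article, the login timeout is reported as above the 60-minute figure and the default client setting of 100000 ms fits under both server timeouts.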