Configure Session Timeouts

With Operations Hub, you can configure how soon a login session expires when a session is idle.

Before doing so, consider which application sessions you need to configure. The Designer, the End-app, and Proficy Authentication (formerly UAA) each can have its session timeout configured independently.

Operations Hub Session Timeouts

Access the web.xml file from these locations, and update the configuration as follows, for End-app and Designer session timeouts respectively:

  • C:\Program Files\GE\Operations Hub\iqp-tomcat\webapps\app\WEB-INF
  • C:\Program Files\GE\Operations Hub\iqp-tomcat\webapps\site\WEB-INF
<session-config>
	<session-timeout>30</session-timeout>
</session-config>
A session is tracked by a cookie, wherein the cookie age must be longer than the session timeout. Therefore, if the timeout is increased, make sure the cookie’s max-age (configured in the same web.xml) is not shorter than the session timeout as shown here:
<session-config>
	<session-timeout>2</session-timeout>
	<cookie-config> <max-age>120</max-age> </cookie-config>
</session-config>
session-timeout and cookie-config/max-age are in different units of measurement (see note below).

Additionally, if you set either of the session timeouts greater than one hour in web.xml, you also need to add a system environment variable SESSION_DESTROY_TIMEOUT with value session_timeout_in_millisec + 10 minutes in millisec. For example, if you set a session timeout to two hours, then set it to 130 * 60 * 1000 = 7800000.

Note:
  1. Restart IQP tomcat service whenever you reconfigure any of the settings/parameters mentioned above.
  2. session-timeout is measured in minutes, whereas cookie-config/max-age is measured in seconds.
  3. Any manual configuration changes, including changes for timeouts, are overwritten on upgrade.

Proficy Authentication Session Timeout

Proficy Authentication session timeout decides how long your Proficy Authentication login session remains valid. It in turn determines whether you need to enter the credentials again when logging into an application that depends on Proficy Authentication for login.

Example: If the session timeout for Operations Hub Designer is set to 30 minutes, and Proficy Authentication is set to one hour, then you are not required to enter the credentials to re-login if the Designer session times out within one hour. You need to enter credentials only when the Designer session lasts longer than an hour, or you explicitly log out of a session.

You can configure session timeout during Proficy Authentication installation. To configure after installation, access the web.xml file from C:\ProgramFiles\GE\Proficy Authentication\uaa-tomcat\webapps\uaa\WEB-INF or C:\ProgramFiles\GE\Operations Hub\uaa-tomcat\webapps\uaa\WEB-INF), and update the configuration as follows:
<session-config>
	<session-timeout>30</session-timeout>
</session-config>
The cookie’s max-age may also need to be adjusted, similar to Operations Hub session timeouts.