How to configure automatic logout (session timeout) in Active Roles Server Web Interface (4335651)

By default, users are not logged out automatically after a certain period of inactivity in the Active Roles Server Web Interface. This article provides the steps required to configure a session timeout.

WORKAROUND

NOTE: Ensure you have a backup of your site before making changes. This can be done in the Active Roles Configuration Center on the Web Interface tab by selecting the existing site and selecting "Export".

1. In the Active Roles Console, as an Active Roles Admin, select View | Mode | Raw Mode
2. Expand Configuration | Application Configuration | Web Interface and locate the web Interface configuration object you want to change by it's description (viewable on right pane)
3. On the left pane, expand the GUID representing your web site configuration and select Interface Settings | WorkingCopy
4. Right-click the WorkingCopy object and select All Tasks | Advanced Properties
5. Select Show all possible attributes
6. Select edsaWISettings attribute and click View/Edit
7. Locate and modify autologout timeout settings (Note: you must specify both settings for this to work):
   
   <AutoLogout Timeout="0" ConfirmTimeout="0"/>
   
   Parameters:
   
   Timeout. Required. Integer. Specifies the allowed interval of inactivity for a user (in minutes). After the specified time interval of inactivity user will be logged out and get a message
   ConfirmTimeout. Required. Integer. Specifies time interval (in minutes) when user gets a prompt to confirm activity
8. Save your changes
9. Reload customizations in the Web Interface that you have just updated. In your web browser, hover mouse over Customization and select Reload

Note: You must log out of your current web interface sessions for this new setting to take effect as ALL sessions need to be disconnected in order for the timeout settings to work properly.  In some environments it may be necessary to restart the Active Roles service or perform IISReset.