'Session-Timeout' back to login screen
Session Timeout can be done on the advance tab of access group or in portal rule using pxSessionTimer.
However, is there a way to take user back to login screen instead of just re-authenticate after period of inactivity.
Accepted Solution
Updated: 2 Jul 2019 11:56 EDT
Pegasystems Inc.
US
Sorry for the delay. I noticed my session timer in 7.4 didn't have a function to close all the PRPC child windows on logoff so I added that back in and tested it.
Attached is SessionTimer_Logoff_74_Community.txt. This file contains Javascript functions only.
Install Notes:
1) Copy pxSessionTimer section rule to an application ruleset and rename to SessionTimer<AppName>
2) Update SessionTimer<AppName> and add all the contents of the SessionTimer_Logoff_74.txt to the existing script block. Just before the ending </script> tag.
3) Add the SessionTimer<AppName> section to you portal header. This is by default pyPortalHeader. It takes up no visible space. Do not put this anywhere that has dynamic content.
4) There is a parameter page for SessionTimer<AppName> once you added it. This lets you control the timeout and warning values. The "Show Authentication screen in" parameter settings has no functionality with this code, it's always a inline modal div.
Testing:
You can test this by launching the end user portal from the developer portal. The lowest combination you can test with for timeout and warning is 3 & 1. This is because of the way the warning timer works.
Sorry for the delay. I noticed my session timer in 7.4 didn't have a function to close all the PRPC child windows on logoff so I added that back in and tested it.
Attached is SessionTimer_Logoff_74_Community.txt. This file contains Javascript functions only.
Install Notes:
1) Copy pxSessionTimer section rule to an application ruleset and rename to SessionTimer<AppName>
2) Update SessionTimer<AppName> and add all the contents of the SessionTimer_Logoff_74.txt to the existing script block. Just before the ending </script> tag.
3) Add the SessionTimer<AppName> section to you portal header. This is by default pyPortalHeader. It takes up no visible space. Do not put this anywhere that has dynamic content.
4) There is a parameter page for SessionTimer<AppName> once you added it. This lets you control the timeout and warning values. The "Show Authentication screen in" parameter settings has no functionality with this code, it's always a inline modal div.
Testing:
You can test this by launching the end user portal from the developer portal. The lowest combination you can test with for timeout and warning is 3 & 1. This is because of the way the warning timer works.
With 3 minute timeout and 1 minute warning you will see the logoff countdown timer after 2 minutes with a 1 minute countdown. When the countdown reaches 0 logoff code will fire. When launching from a developer portal the window containing the end user portal will just close, no logoff will occur. (Same as if you use logoff from a launched portal)
Remove existing timeouts:
Once you are done testing you will no longer need any PRPC timeout value configured in end user AccessGroup. Simple remove the value and update the AccessGroup. If using SSO make sure you test with a SSO login before moving out of dev or test into production.
Adjust the timeout and warning values to proper timeout values per your need. Example: 30 minute timeout with 2 minute warning.
Pegasystems Inc.
US
Hi,
Yes but i need to know what version of PRPC you're on.
I have session timers for most versions of PRPC that do a auto logoff with a model warning window with count down timer.
Edit:
From another post you made regarding similar content i see you're on 7.4. I will get the info for you shortly.
Accepted Solution
Updated: 2 Jul 2019 11:56 EDT
Pegasystems Inc.
US
Sorry for the delay. I noticed my session timer in 7.4 didn't have a function to close all the PRPC child windows on logoff so I added that back in and tested it.
Attached is SessionTimer_Logoff_74_Community.txt. This file contains Javascript functions only.
Install Notes:
1) Copy pxSessionTimer section rule to an application ruleset and rename to SessionTimer<AppName>
2) Update SessionTimer<AppName> and add all the contents of the SessionTimer_Logoff_74.txt to the existing script block. Just before the ending </script> tag.
3) Add the SessionTimer<AppName> section to you portal header. This is by default pyPortalHeader. It takes up no visible space. Do not put this anywhere that has dynamic content.
4) There is a parameter page for SessionTimer<AppName> once you added it. This lets you control the timeout and warning values. The "Show Authentication screen in" parameter settings has no functionality with this code, it's always a inline modal div.
Testing:
You can test this by launching the end user portal from the developer portal. The lowest combination you can test with for timeout and warning is 3 & 1. This is because of the way the warning timer works.
Sorry for the delay. I noticed my session timer in 7.4 didn't have a function to close all the PRPC child windows on logoff so I added that back in and tested it.
Attached is SessionTimer_Logoff_74_Community.txt. This file contains Javascript functions only.
Install Notes:
1) Copy pxSessionTimer section rule to an application ruleset and rename to SessionTimer<AppName>
2) Update SessionTimer<AppName> and add all the contents of the SessionTimer_Logoff_74.txt to the existing script block. Just before the ending </script> tag.
3) Add the SessionTimer<AppName> section to you portal header. This is by default pyPortalHeader. It takes up no visible space. Do not put this anywhere that has dynamic content.
4) There is a parameter page for SessionTimer<AppName> once you added it. This lets you control the timeout and warning values. The "Show Authentication screen in" parameter settings has no functionality with this code, it's always a inline modal div.
Testing:
You can test this by launching the end user portal from the developer portal. The lowest combination you can test with for timeout and warning is 3 & 1. This is because of the way the warning timer works.
With 3 minute timeout and 1 minute warning you will see the logoff countdown timer after 2 minutes with a 1 minute countdown. When the countdown reaches 0 logoff code will fire. When launching from a developer portal the window containing the end user portal will just close, no logoff will occur. (Same as if you use logoff from a launched portal)
Remove existing timeouts:
Once you are done testing you will no longer need any PRPC timeout value configured in end user AccessGroup. Simple remove the value and update the AccessGroup. If using SSO make sure you test with a SSO login before moving out of dev or test into production.
Adjust the timeout and warning values to proper timeout values per your need. Example: 30 minute timeout with 2 minute warning.
Veteran Careers First
US
There are 3 out-of-the-box pyPortalHeader rules.
Which one should we use and does it also need to get saved in current ruleset.
- pyPortalHeader of class Pega-Landing-Security-AccessManager
- pyPortalHeader of class Data-Portal
- pyPortalHeader of class PegaPS-Data-Portal-EndUser
capGemini
US
Made the suggested changed and set the values of timeout as 3 and 1, but the session expiry is not kicking in and not showing any modal, when i check the browser console i am seeing that there is some issue with the script. I am attaching the script that i am using "SessionTimer<Appname>' .. please check and let me know.
Getting these 2 errors in the Chrome browser console
Uncaught SyntaxError: Unexpected end of input
failed: Error during WebSocket handshake: Unexpected response code: 501
capGemini
US
Made the suggested changed and set the values of timeout as 3 and 1, but the session expiry is not kicking in and not showing any modal, when i check the browser console i am seeing that there is some issue with the script. I am attaching the script that i am using "SessionTimer<Appname>' .. Can you please check and let me know ?
Getting the below 2 errors in the Chrome browser console.
Uncaught SyntaxError: Unexpected end of input
failed: Error during WebSocket handshake: Unexpected response code: 501
AARETE
US
@ChrisKoyl I followed these steps but I don't see any warning or modal dialog after 1 minute. Nothing seems to be changed after adding this
Pegasystems Inc.
US
Did you try what @HenryA80 suggested in his reply above? "I used Section Include for the SessionTimer<AppName> code here and it appears to be working great!"
AARETE
US
@MarissaRogers Yes I had to use a different harness but this approach worked fine. Is there a way to show some kind of message on the login screen when the user gets redirected to the login screen due to idle time out?
Cognizant
US
We are in Pega 8.6.3 and we have followed all the steps mentioned in your post and the timeout is failing for the user portal when any work object is opened. Getting 403 forbidden error.
Session out is working in user portal as long as the user is in the home screen and not opened any case.
Could you please advise if any additional configuration is required?
Thanks,
Lokanath
Updated: 25 May 2023 6:35 EDT
Pegasystems Inc.
GB
@veeram16826629 this is an inactive thread.
Please can you log a New Question for your particular 403 forbidden error? Please provide clear details on how to replicate with pega log extract summary.
Also before you do that can you please check our comprehensive support document Understanding HTTP status codes for troubleshooting common issues
You can also do a key word search on the PSC
https://support.pega.com/question/issue-newcovered-harness-resulting-403-fordbidden-http-response
https://support.pega.com/question/worklink-produces-403-unauthorized-error
and also check the Resolved Issues based on your Pega version?
Optum Global SOlutions
IN
@ChrisKoyl This is working to show warning message about log off. But once timeout not getting the log off screen. We are looking to show the log offscreen after timeout.
Evonsys
AU
@ChrisKoyl This works Fine. Thanks a lot
Infosys
IN
The above solution overrides pxSessionTime functionality
What changes would be required if I need to have both functionalities
1 user would be shown session time out warning after say 1 hr of inactivity wherein they can extend session - pxSesiontimer functionality
2 user would be shown a logoff window say after 8 hrs of session wherein it will force terminate the session
Wells Fargo
US
@ChrisKoyl Have you try this with Pega CONSTELLATION?
Updated: 13 Nov 2023 12:18 EST
Pegasystems Inc.
GB
@EKARUNARATNA this post is 4 years old.
Please can you check the PSC for more recent posts? You could follow How to incorporate sessiontimer logic in constellation
Or look at resources given here,
CLSA Community Meetup: What's New in 8.8: UI, UX and Insights (December 2022)
How Constellation UX worksand .
Please can you post a new Question if you need help with the Constellation product? Make sure to select the Capability tag 'Constellation' .