Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Rifdhi Rizvi (Rifdhiii)
Knowledge Expert
Lead System Architect
Knowledge Expert
FR
Rifdhiii Member since 2014 1 post
Knowledge Expert
Posted: Jan 14, 2021
Last activity: Apr 16, 2021
Posted: 14 Jan 2021 11:25 EST
Last activity: 16 Apr 2021 6:21 EDT
Closed

Timeout anonymous requestors in a web mashup

We expose a case type to a customer facing website using web mashup and the authentication is done via an anonymous auth service. Whenever a customer visits the web page, a temporary operator is created. We observe that there're many requestors created and this results in a requestor limit alert. We also note that the requestors are removed after ~2 hours of inactivity (last access time). We would like to timeout the requestors as soon as possible to avoid the accumulation of too many requestors. The following options were tried and none of these seem to be in effect:

1. Set access group timeout (note that there's no 'use access group timeout' setting in anonymous auth service)

2. Use pxSessionTimer

3. Use customized version of pxSessionTimer as per https://collaborate.pega.com/question/session-timeout-back-login-screen

Please let us know if there's any possible solution to handle this.

Also, would like to know how the requestors are removed after ~2 hours. Which setting controls this behavior?

Thanks!

***Edited by Moderator Marissa to update Platform Capability tags; add Support Case details****
To see attachments, please log in.
Pega Platform 8.2.7
Security
Support Case Created

  • Wassim Jrad Pratibha Bala Mahata
Posted: 3 years ago
Updated: 3 years ago
Posted: 11 Feb 2021 11:43 EST
Updated: 11 Feb 2021 11:45 EST
Chris Mertz (mertc)
PEGA
Senior Principal Engineer, Technical Support, Platform Service
Pegasystems Inc.
US

@Rifdhiii

You are on the right track you just have not located the correct settings yet. 

There is a DSS setting, prconfig/timeout/browser/default value="900". The wording is a little confusing for this setting but what it does is tells the platform how long to allow a session to a browser to sit idle before a session timeout would occur. This setting is in minutes so it coverts to roughly 1.5 hours. Reduce this time and you should have a much shorter requestor life-span. 

You're probably wondering why this isn't the 2 hours you've observed. Well there is a browser timeout as well that keeps the session alive, that is typically 30 minutes. Which gives you your 2 hours. 

Finally you asked about how the requestors get cleaned up and who is responsible for this. There is a daemon that is responsible for cleaning up requestors. By default it runs every 60 seconds, which should be set low enough for most environments. This setting is configurable as well, but we don't recommend changing this unless there is an issue. It is prconfig/initialization/passivationinterval/default value="60". 

I hope this answers you questions,

 

Chris

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice