Controlling Administrative Session timeouts (in Kentico SaaS)

2025/03/17 2:51 PM

I've tried about all I can think of - can you actually control the session timeout of an Administrative User in the SaaS-based CMS? I've set this code, but to no avail:

services.AddSession(options =>
{
  options.IdleTimeout = TimeSpan.FromMinutes(configuration.GetValue<int>("SessionTimeoutInMinutes"));
  options.Cookie.HttpOnly = true;
  options.Cookie.IsEssential = true;
});

...there is also an app.UseSession() in the code as well. The SessionTimeoutInMinutes value comes from appsettings, and is set to 120. Regardless of all of the above, the SaaS-based site is still timing out Users at the default 20-minute interval.

I also have tried to set the Application Cookie timeout as well:

services.ConfigureApplicationCookie(options =>
{
    options.ExpireTimeSpan = TimeSpan.FromMinutes(configuration.GetValue<int>("SessionTimeoutInMinutes")); // Set authentication cookie expiration to 2 hours
    options.SlidingExpiration = true;
}); 

This doesn't seem to work, either.

Oh, and this is running on v30.2.2.

Any thoughts?

Answers

2025/03/17 3:27 PM
Accepted answer

Have you tried configuring like this? Just looking at the documentation, this looks like it might work:

builder.Services.Configure<AdminIdentityOptions>(options =>
{
    options.AuthenticationOptions.ExpireTimeSpan = TimeSpan.FromMinutes(30);
});

Disclaimer...I haven't tried it yet 😀

2025/03/17 3:29 PM

Also worth noting that there is currently a bug when MFA is enabled, if you have MFA enabled on your project then it will be session based - Kentico are looking to fix this :)

2025/03/17 3:53 PM

Wow - no amount of Googling nor AI assistance turned up that information. Thank you both very much!!

Putting this in now, will be able to test it after next push. Thanks again!

To response this discussion, you have to login first.