Controlling Administrative Session timeouts (in Kentico SaaS)

I've tried about all I can think of - can you actually control the session timeout of an Administrative User in the SaaS-based CMS? I've set this code, but to no avail:

services.AddSession(options =>
{
  options.IdleTimeout = TimeSpan.FromMinutes(configuration.GetValue<int>("SessionTimeoutInMinutes"));
  options.Cookie.HttpOnly = true;
  options.Cookie.IsEssential = true;
});

...there is also an app.UseSession() in the code as well. The SessionTimeoutInMinutes value comes from appsettings, and is set to 120. Regardless of all of the above, the SaaS-based site is still timing out Users at the default 20-minute interval.

I also have tried to set the Application Cookie timeout as well:

services.ConfigureApplicationCookie(options =>
{
    options.ExpireTimeSpan = TimeSpan.FromMinutes(configuration.GetValue<int>("SessionTimeoutInMinutes")); // Set authentication cookie expiration to 2 hours
    options.SlidingExpiration = true;
}); 

This doesn't seem to work, either.

Oh, and this is running on v30.2.2.

Any thoughts?

0

Answers

Accepted answer

Have you tried configuring like this? Just looking at the documentation, this looks like it might work:

builder.Services.Configure<AdminIdentityOptions>(options =>
{
    options.AuthenticationOptions.ExpireTimeSpan = TimeSpan.FromMinutes(30);
});

Disclaimer...I haven't tried it yet 😀

0

Also worth noting that there is currently a bug when MFA is enabled, if you have MFA enabled on your project then it will be session based - Kentico are looking to fix this :)

0

Wow - no amount of Googling nor AI assistance turned up that information. Thank you both very much!!

Putting this in now, will be able to test it after next push. Thanks again!

0

To response this discussion, you have to login first.