Session Timeout

Description

LogicNets has a session timeout mechanism that sets a timeout window when a user logs into an application and expires a user's session and logs the user out of an application after that timeout period. A client-side script blanks out the application screen.

With v7.4, LogicNets modified this mechanism to improve it when used in relation to framework-based projects. In these applications, the system must manage the interaction between the parent application—for example, the starter app—and the child application. The mechanism keeps active the parent application as long as the user interacts with the child application.

See Session Expiry  for information on setting the session timeout.

Authentication Token

The updated expiry mechanism includes an authentication token, which the system shares between the parent and child applications. This token, like the session, also has an expiry window, but the token is refreshed as the user works in the child application. The parent application checks on the authentication token to determine if the session should be expired. The authentication expiration window is session timeout + refresh frequency.

Authentication Token Update Frequency

The call from the system to refresh the authentication token is an expensive call, especially if the authentication token is stored with an external IDP. Therefore, the expiration mechanism includes the concept of an update frequency. This minimizes updates to the authentication token.  

The system refreshes the authentication token when a request comes in after the update-frequency window has been passed but the system is still within the expiry limit of the authentication token. It also refreshes the token when the user switches between the applications, as this is considered implicit login.