Salesforce

Session Timeout

Printable View
« Go Back
Information
Session Timeout
session-timeout
Article Details

Introduction

Session expiration is an important security feature that govService provides. Session timeout exists to make sure sessions close when no longer in use. govService uses an idle timeout system, this means that session expiration will only occur when no new activity is detected for the duration of the set session time. Session timeout means that the form/process being edited or created will not submit, and that any logged-in user will be logged out.

Timeout settings

For Customer Portal, you can set the session lifetime for a logged-in user's session.

  • This setting is found at yourdomain/admin/self > SiteSettings > General. (Site Settings article)
  • The range allowed is between 10 and 360 minutes.
  • Best practice is to set it under 60 minutes.

The system will provide a warning to the user that the session is about to timeout when there are 2 minutes left in the session, as shown in the image below. If the user agrees to extend the session, the session time will be provided.

session timeout


If the Customer Portal session is idle and the time runs down to zero, the user will be logged out. They will be notified as shown in the image below.

self timeout


If the user tries to submit a form after the time out has occurred, they will be notified as shown in the image below:

timeout message

Session times are reset by any interaction with the servers during the last 1/3 of the set session time. Actions that reset the session include:

  • Submitting a Form.
  • Loading a Form.
  • Refreshing the page.
  • An integration running on a Form.
  • Navigating to a new page
Tips on managing a limited session time:
  • Best practice is to inform users of the session length in messages built into your forms. You can also encourage them to use the save functionality.
  • Continuing to another section on a form does not reset the session.
  • If the form will take longer than the set session time to complete without one of the above actions taking place, the user will need to save their progress.
  • If the user saves the form then uses the save link to open a new instance of the form, this will start a new session.

Summary of how sessions work

A session is created when a user logs in to your site.

This session will last for at least the full session timeout period set on the site.

The session time will reset if the user triggers a response from the site within the last 1/3 of their session, or they answer yes to the extend session request as described above. 

If a user's session triggers the above extension, then it is updated to have the full timeout length again.

So in the case of the user completing a form with 120 min time out set:

  • If a user is filling a form and after about 80 minutes stops interacting with the form in any way, then their session will expire at 120 minutes.
  • If a user is filling a form and at about the 90 minute mark triggers an integration, then the user's session will be extended for another 120 minutes.
  • If a user is filling a form and, when the warning message appears indicating 2 minutes to session expiring, they confirm they wish to extend the session, then the session will be extended for another 120 minutes.

Service Designer/Customer Service Hub

For Forms/Customer Service Hub, the default is 21600 seconds, with 7200 second grace period. This is set centrally within the product and cannot be configured locally.

Mobile 

For Mobile, we inject a session which will last between the initial login and sync and the next sync when they come back to signal.

top of page
Powered by