You can view and manage active sessions on the Manage Sessions page. The overall concurrent usage is provided along with per-session information.
In EdgeCore Standalone and EdgeCore Cluster, to access a list of active sessions:
- Go to the system menu in the upper right corner > System > Sessions as a Full Admin user.
A list of sessions is displayed.
In the EdgeCore Command Center, to access a list of active sessions:
- Go to the system menu in the upper right corner > Enterprise > Manage Sessions as a Full Admin user.
The following details are provided for each active session:
|User ID (Account in the Command Center)||The identifier for the user of the session (including domain suffix associated with the account domain that this user is defined in)|
|IP||The IP address used to access EdgeCore for the session|
|Login Time||The starting time of the active session|
|Last Access Time||The last time the session actively performed an action against the system|
|Duration||The duration of the session|
Besides the above-mentioned fields, the Command Center also has two additional fields:
– Server: the name of the server
– Session ID: the identifier of the session
To update the list of active sessions to show any changes, click in the bottom left corner.
To terminate a session, select the desired session and click in the bottom left corner.
The default session timeout for the system is 60 minutes. This value is loaded during the server initialization.
Additionally, the default session timeout can be configured by adding
server.session.timeout=number of minutes to the following file on the server:
For example, you want the default timeout to be 20 minutes, so you would add:
Note: The default session timeout may be overridden by domain configurations, as described below.
Configuring Session Timeout per Domain
To configure session timeout per domain:
- Go to the Provision Domains page as a Full Admin user.
You can access this page from either the Admin menu (the Provision icon > Domains) or the System menu (Content > Provisioning > Domains).
- Select the domain for which you want to configure the session timeout.
- Click the Preferences tab.
- Enable or disable the Inherit Session Timeout toggle switch.
The toggle switch is enabled by default.
– When the toggle switch is enabled, the default timeout value (60 minutes) is inherited.
– When the toggle switch is disabled, you can specify a new timeout value and override the default one. Please note that a value of -1 will keep the session alive indefinitely.
Maximum Session Timeout
The maximum session timeout can be configured by adding
client.session.maxtimeout=number of minutes to the following file on the server:
If the value for the maximum timeout is lower than -1 or greater than 9999999, the settings will be ignored and those values will be used.
Keeping Session Alive
User activity in the client (mouse movements, clicks, etc.) will keep a session alive. As long as the user is not idle (inactive for 30+ seconds), the client will contact the server via the web socket connection. The server manually updates the last accessed time of the HTTP session. On session timeout/termination, a user will be redirected to the login screen, which will have /login?expired in the URL.
Additionally, as previously mentioned, providing a value of -1 will keep the session alive indefinitely.
Enabling Maintenance Mode
edgeCore version: 4.3.6
To enable the maintenance mode, click the corresponding button.
Once the maintenance mode is on, admin users will be able to log in, and a banner message will notify them that the server is under maintenance.
Already logged-in non-admin users will get a 503 error, whereas those who try to log in will not be able to do so (a message about the server being in the maintenance mode will be displayed on the login page).
How to Limit One Session Per User
edgeCore version: 4.4.1
If you want to make sure that at any point in time a user can only have one active session, set the following in either the custom.properties (or local.properties) file or in system menu > Admin Tools > System Config:
As a result, a new login will expire any other active session by that user.
Known Issues with Session Timeouts
- Mouse movements and clicks inside of proxy widgets are not detected as user activity and will not prevent session timeouts. However, HTTP requests from proxy visualizations are detected and will extend the session.
- Currently, there is no limit on the number of concurrent sessions for an individual user, other than any restrictions on global concurrent sessions that may be included in the system license. As of 4.4.1, you can limit one session per user (see above).