We are trying to implement requestor session timeout. This is not for default /prweb. We have SSO based authentication which is something like /prweb/PegaSSO.
We have added <env name="timeout/browser" value="60"/> in our prconfig.xml. I believe the value is in seconds. But we dont see the session cleaned up after 60 seconds.
I did read some articles on adding session timeout in Access Group. This is something we haven't tried.
Any thoughts and suggestions will be helpful.
***Updated by moderator: Lochan to add Categories***
Enter a number of seconds after which the system challenges idle browser sessions (for users of this access group), asking users to re-enter their Operator ID and password. This timeout event does not cause session context or clipboard contents to be lost.
If users respond to the challenge and are re-authenticated, they can usually continue processing where they left off, unless the system released locks they held in the meantime, or the system was stopped and restarted.
This setting is also taken into account in a mobile app that is either online or offline. When the timeout value is reached, the user is automatically logged out when they perform any action. They are brought back to the login screen.
Note: This authentication timeout is not related to the timeout/browser value in the prconfig.xml file or Dynamic System Settings, which controls when passivation occurs.
Access Group timeouts, also called authentication timeouts, are established in the Settings tab of the access group form. This setting applies only to interactive (browser-based) users. The system may challenge users who have not sent input to the server during a period, forcing them to re-enter an Operator ID and password.
If you want custom authentication you can use of pxSessionTimer section .