Question

1
Replies
105
Views
Close popover
Rifdhi Rizvi (Rifdhiii)
Knowledge Expert
Lead System Architect
Knowledge Expert
NL
View ProfileSend Message
Rifdhiii Member since 2014 1 post
Knowledge Expert
Posted: January 14, 2021
Last activity: 3 weeks 1 day ago

Timeout anonymous requestors in a web mashup

We expose a case type to a customer facing website using web mashup and the authentication is done via an anonymous auth service. Whenever a customer visits the web page, a temporary operator is created. We observe that there're many requestors created and this results in a requestor limit alert. We also note that the requestors are removed after ~2 hours of inactivity (last access time). We would like to timeout the requestors as soon as possible to avoid the accumulation of too many requestors. The following options were tried and none of these seem to be in effect:

1. Set access group timeout (note that there's no 'use access group timeout' setting in anonymous auth service)

2. Use pxSessionTimer

3. Use customized version of pxSessionTimer as per https://collaborate.pega.com/question/session-timeout-back-login-screen

Please let us know if there's any possible solution to handle this.

Also, would like to know how the requestors are removed after ~2 hours. Which setting controls this behavior?

Thanks!

***Edited by Moderator Marissa to update Platform Capability tags; add Support Case details****
Pega Platform 8.2.7 Security Support Case Created
Close popover
Posted: 3 weeks ago
Updated: 3 weeks ago
Close popover
Chris Mertz (mertc)
PEGA
Principal Software Solutions Engineer
Pegasystems Inc.
US
View ProfileSend Message

@Rifdhiii 

You are on the right track you just have not located the correct settings yet. 

There is a DSS setting, prconfig/timeout/browser/default value="900". The wording is a little confusing for this setting but what it does is tells the platform how long to allow a session to a browser to sit idle before a session timeout would occur. This setting is in minutes so it coverts to roughly 1.5 hours. Reduce this time and you should have a much shorter requestor life-span. 

You're probably wondering why this isn't the 2 hours you've observed. Well there is a browser timeout as well that keeps the session alive, that is typically 30 minutes. Which gives you your 2 hours. 

Finally you asked about how the requestors get cleaned up and who is responsible for this. There is a daemon that is responsible for cleaning up requestors. By default it runs every 60 seconds, which should be set low enough for most environments. This setting is configurable as well, but we don't recommend changing this unless there is an issue. It is prconfig/initialization/passivationinterval/default value="60". 

I hope this answers you questions,

 

Chris
Share this page Share via LinkedIn Copying...
Copied!