Skip to main content
Contact a Moderator

Question

2
Replies
169
Views
 Rifdhi Rizvi (Rifdhiii)
Knowledge Expert
Lead System Architect
Knowledge Expert
NL
Rifdhiii Member since 2014 1 post
Knowledge Expert
Posted: January 14, 2021
Last activity: April 16, 2021
Posted: 14 Jan 2021 11:25 EST
Last activity: 16 Apr 2021 6:21 EDT

Timeout anonymous requestors in a web mashup

Report

We expose a case type to a customer facing website using web mashup and the authentication is done via an anonymous auth service. Whenever a customer visits the web page, a temporary operator is created. We observe that there're many requestors created and this results in a requestor limit alert. We also note that the requestors are removed after ~2 hours of inactivity (last access time). We would like to timeout the requestors as soon as possible to avoid the accumulation of too many requestors. The following options were tried and none of these seem to be in effect:

1. Set access group timeout (note that there's no 'use access group timeout' setting in anonymous auth service)

2. Use pxSessionTimer

3. Use customized version of pxSessionTimer as per https://collaborate.pega.com/question/session-timeout-back-login-screen

Please let us know if there's any possible solution to handle this.

Also, would like to know how the requestors are removed after ~2 hours. Which setting controls this behavior?

Thanks!

***Edited by Moderator Marissa to update Platform Capability tags; add Support Case details****
Pega Platform 8.2.7 Security Support Case Created
Reply
Posted: 8 months ago
Updated: 8 months ago
Posted: 11 Feb 2021 11:43 EST
Updated: 11 Feb 2021 11:45 EST
Chris Mertz (mertc)
PEGA
Principal Software Solutions Engineer
Pegasystems Inc.
US
Report

@Rifdhiii 

You are on the right track you just have not located the correct settings yet. 

There is a DSS setting, prconfig/timeout/browser/default value="900". The wording is a little confusing for this setting but what it does is tells the platform how long to allow a session to a browser to sit idle before a session timeout would occur. This setting is in minutes so it coverts to roughly 1.5 hours. Reduce this time and you should have a much shorter requestor life-span. 

You're probably wondering why this isn't the 2 hours you've observed. Well there is a browser timeout as well that keeps the session alive, that is typically 30 minutes. Which gives you your 2 hours. 

Finally you asked about how the requestors get cleaned up and who is responsible for this. There is a daemon that is responsible for cleaning up requestors. By default it runs every 60 seconds, which should be set low enough for most environments. This setting is configurable as well, but we don't recommend changing this unless there is an issue. It is prconfig/initialization/passivationinterval/default value="60". 

I hope this answers you questions,

 

Chris

Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice