How to change the timeout interval for NuGenesis SDMS WebVision - WKB82210
OBJECTIVE or GOAL
Modify the default timeout interval in NuGenesis SDMS WebVision
ENVIRONMENT
- NuGenesis 9 SDMS
- NuGenesis 8 SDMS
PROCEDURE
- New WebVision (NG9.3+)
- Open the file: Drive:\Program Files (x86)\Waters\NGSDMS\Application Server\Vision\SDMSIdentity\appsettings.json
- Change the value of 'RefreshTokenExpiration' from 30 to a value such as 2 and 'IdentityTokenExpiration' from 240 to a different value, such as 5, as shown below. This results in a logout after 5 minutes of inactivity, but if you do something in VISION after at least 2 minutes (when the refresh token expires), you get another 5 minutes on the token.
{
  "AllowedHosts": "*",
  "AppSettings": {
    "Identity": {
      // Defines the length (in minutes) for the expiration of the refresh token.
      // Should be greater or equal than 30 mins, anything lower will be ignored.
      "RefreshTokenExpiration": "2",
      // Should be greater or equal than RefreshTokenExpiration.
      "IdentityTokenExpiration": "5",
      // Application secret, used to sign the jwt token
      "ApplicationSecret": "Place the certificate thumbprint here and use it for encoding the token"
    },
- Save the changes and restart IIS.
- NOTE: Despite what it states in the file about 30 mins being the minimum value, we can confirm that lower values do in fact work.
For application stability reasons, the recommendation is to use a minimum value of 30 mins for both.
Let's say you have the IdentityToken set to 240 mins (4 hours) and the RefreshToken set to 30 minutes. If you don't do anything in Vision in those 4 hours you'll be logged out.
If you do some action within 30 minutes from the time you logged in, nothing changes (no authentication token expiration validity is checked and the action proceeds normally).
If you log in and wait 35 minutes (a period longer than the refresh token value, for example) before doing some action in Vision, then we have an expired refresh token. This time the application will generate a new access token and a new refresh token. This is to keep the session alive - to re-set the 4 hours expiration on the session from the moment you did the last action in Vision.
This was also implemented for security purposes: You don't have the same IdentityToken for 4 hours. It gets changed (refreshed) any time the refresh token is expired. This way, if someone gets access to the first IdentityToken you have generated, it doesn't matter too much because, most probably, you've already generated new ones and the older ones are obsolete.
On the other hand, we can't set the refresh token to 1 second. This means that almost each action in Vision (that calls an API in the backend) will regenerate the access token (IdentityToken). This would not be too efficient.
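The token behaviour described in the note above, modelled as an added example (not Waters code and not part of the original article): it reads an Identity section, flags values outside what the file comments and the recommendation call for, and replays user actions to show when the logout happens. The sample settings, the function names, and treating an action that lands exactly on an expiry as expired are assumptions.

```python
import json
import re

# Constructed sample mirroring the Identity section of appsettings.json.
SAMPLE = """{
  "AppSettings": {
    "Identity": {
      // Refresh token lifetime in minutes
      "RefreshTokenExpiration": "2",
      // Identity token lifetime in minutes
      "IdentityTokenExpiration": "5"
    }
  }
}"""

def load_identity(text):
    """Strip whole-line // comments, then return (refresh, identity) in minutes."""
    cleaned = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    ident = json.loads(cleaned)["AppSettings"]["Identity"]
    return int(ident["RefreshTokenExpiration"]), int(ident["IdentityTokenExpiration"])

def check(refresh, identity):
    """Warnings for the constraint in the file comments and the 30-minute recommendation."""
    warnings = []
    if identity < refresh:
        warnings.append("IdentityTokenExpiration is lower than RefreshTokenExpiration")
    if min(refresh, identity) < 30:
        warnings.append("value below the recommended 30-minute minimum")
    return warnings

def simulate(refresh, identity, actions):
    """Replay actions (minutes since login); return (outcomes, minute the session ends)."""
    issued = 0        # minute at which the current token pair was issued
    outcomes = []
    for t in sorted(actions):
        age = t - issued
        if age >= identity:            # identity token expired: session is over
            outcomes.append((t, "logged out"))
            return outcomes, issued + identity
        if age >= refresh:             # refresh token expired: new pair, timer resets
            issued = t
            outcomes.append((t, "tokens reissued"))
        else:                          # inside the refresh window: nothing changes
            outcomes.append((t, "no change"))
    return outcomes, issued + identity
```

With the 2/5 settings, `simulate(2, 5, [1, 6])` ends the session at minute 5 even though the user acted at minute 1, because an action inside the refresh window does not extend the identity token.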
- Legacy WebVision (NG8 - NG9.3)
- IIS timeout
- Open IIS Manager
- Select Default Web Site
- Click Limits
- Type a new value for the Connection timeout (default: 120 seconds)
- Click OK
- Click on the PC Node in IIS
- Double-Click Application Request Routing Cache under IIS section
- Click Server Proxy Settings
- Type a new value for Time-out (seconds) under Proxy Setting (default: 120 seconds)
- Click Apply under Actions in right-hand window.
- Click PC Node again in IIS
- Click Restart under Actions in right-hand window.
- Apache Tomcat timeout
- Edit the following file in Notepad:
- For NuGenesis 8 SDMS:
- Drive:\Program Files (x86)\apache-tomcat-6.0.29\conf\web.xml
- For NuGenesis 9 SDMS:
- Drive:\Program Files (x86)\Waters\apache-tomcat-9.0.8\conf\web.xml
- Modify the following line:
- <session-timeout>30</session-timeout>
- Change "30" to the desired timeout interval in minutes
- Save and close the file
- Open Control Panel > Administrative Tools > Services
- Stop the Apache Tomcat service, restart the NuGenesis VISION Server service, and start the Apache Tomcat service