How timeout settings in MicroStrategy Web and the MicroStrategy Intelligence Server affect users in MicroStrategy Web
When a user logs into MicroStrategy Web , there are two timeout settings which come into play.
1.The first is the 'Web User Session Idle Time'
setting.
This generally located under MicroStrategy Intelligence Server Configuration
-> Governing -> General, as shown in the image below. This setting
limits the time, in seconds, that users can remain idle before their
MicroStrategy Intelligence Server session is ended.
2. The second setting is the 'timeout' setting in the
web.config file. This file we can found in the default directory C:\Program
Files\MicroStrategy\Web ASPx. This can also be configured graphically
through IIS manager. You can check Configure IIS for timeout .
A small section of the file including this setting is shown below:
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20" />
MicroStrategy Web saves the information for user
sessions in a .NET session object. A .NET session
objects provide their own session management and define a timeout This works independently of the value entered for the MicroStrategy
Intelligence Server's governing 'Web user session idle time' setting.
Users are prompted for their login information because of a timeout of
the session object in the .NET infrastructure.
A third security setting that should be kept in
mind for session timeouts for MicroStrategy Web is 'Allow automatic
login if session is lost'. This setting can be found in the Security
section on the Web Administration Page:
A user logs in, performs some actions, and then idles for 30 minutes.
When the user returns and attempts to continue working, the session is
lost (Since timeout setting for ASP session is 20 minutes in Web.config) and the user is prompted to log back in. This is because the ASP .NET
session object for that user has expired before the Web User Session
Idle Timeout. The 'Allow automatic login if session is lost' can ONLY
create new MicroStrategy Intelligence Server sessions, so if the ASPNET
session object has timed out, the user has to log back in to create a
new ASPNET session object, even if the MicroStrategy Intelligence Server
session is still available. Users will not receive an error message but
will just be sent back to the Login screen before they can proceed with
whatever action they selected to continue with.
A user logs in, performs some actions, and then idles for 30 minutes.
When the user returns and attempts to continue working, there is no
prompt for a login and the user can continue working. This is because if
checked, the 'Allow automatic login if sessions is lost' setting will
recreate a MicroStrategy Intelligence Server session when the original
has timed out.
A user logs in, performs some actions, and then idles for 30 minutes.
When the user returns and attempts to continue working, the session is
lost and the user is prompted to log back in. Since the 'Allow automatic
login if sessions is lost' is not checked, then the Web Server cannot
create a new MicroStrategy Intelligence Server session, and the user is
asked to log back in.
This setting enables users to be automatically
reconnected to the MicroStrategy Intelligence Server if the session is
lost. This setting will NOT automatically reconnect the .NET session
object.
To fully understand how these settings interact with each other, read the following scenarios:
Scenario 1:
Web User Session Idle Time = 60 minutes Timeout setting in Web.config = 20 minutes Allow automatic login if session is lost =Checked
Scenario 2:
Web User Session Idle Time = 20 minutes Timeout setting the Web.config file = 60 minutes Allow automatic login if session is lost = checked
Scenario 3:
Web User Session Idle Time = 20 minutes Timeout setting the Web.config file = 60 minutes Allow automatic login if session is lost = unchecked
Error in Login Your user session has been lost, and you have been automatically logged out. Please log in again.
Comments