how to set session time out for content authors in Sitecore 10.2?

Question

Not able to set session time out in Sitecore 10.2.

If I leave the browser open for more than 20 minutes with the launchpad displayed and then click on any button after that, I expect the session timeout to occur and log me out automatically. But this doesn't happen as I expect.

Is there a way to force a session timeout logout?

Answer 1

You have to update the CookieLifetime and IdentityTokenLifetimeInSeconds configuration settings for your Sitecore Identity Server site in ..{your_identity_server_root_folder}\sitecore\Sitecore.Plugin.IdentityServer\Config\identityServer.xml:

<Settings>
  <Sitecore>
    <IdentityServer>
...
     <Authentication>
        <!-- Sets the identity server cookie lifetime -->
        <CookieLifetime>0.00:25:00</CookieLifetime>
...
      </Authentication>

...

      <Clients>
        <DefaultClient>
...
          <IdentityTokenLifetimeInSeconds>1500</IdentityTokenLifetimeInSeconds>
...
        </DefaultClient>
...
      </Clients>
    </IdentityServer>
  </Sitecore>
</Settings>

By default both settings are set to 25 minutes and you can adjust them for your needs at any time. If you have a requirement to log out your Sitecore Admin Users automatically if they are not using the Sitecore Admin for more than 20 minutes then set CookieLifetime to "0.00:20:00" and IdentityTokenLifetimeInSeconds to "1200".

Once amended the config settings please remember to restart your Sitecore Identity Server site as it will only read the new settings on the start.