1. Using B2C Service
  2. Automatically Logging Out Inactive Sessions

Automatically Logging Out Inactive Sessions

In addition to manually logging out active sessions, you can also set up your application to automatically log out inactive sessions.

You’ll configure automatic logout of inactive sessions using a configuration setting and a profile setting, which work together to give you more flexibility in managing your desktop user sessions and maintaining site security.

  • CLIENT_SESSION_EXP—Use this configuration setting to specify the time in one-minute intervals that a session can be inactive before a staff account is automatically logged out. The default value of the CLIENT_SESSION_EXP configuration setting (RightNow User Interface/General Security) is 15 minutes and the maximum value is 1440 (24 hours).

    Even if you disable desktop usage administration, you can still use the CLIENT_SESSION_EXP configuration setting to maintain security on your site.

  • Session Timeout field—Use this field on the Profiles editor to specify a time (0–1440 minutes) other than the time defined in the CLIENT_SESSION_EXP configuration setting that a session can be inactive before a staff account is automatically logged out, or set this field so that staff members with a particular profile are exempt from being automatically logged out due to inactivity. By default, this field is null, meaning that the value in CLIENT_SESSION EXP will be used for automatic logout. Entering any value in this field overrides the value defined in CLIENT_SESSION_EXP.
Note: Even if you exempt certain staff members from being automatically logged out due to inactivity, staff member sessions will still expire and staff must reauthenticate when the time set in the SESSION_HARD_TIMEOUT configuration setting expires.

Here’s how automatic logout of inactive sessions works. When the time of inactivity has been exceeded, the client sends a logout request to the server, which will update the end date and time in the User Transactions (user_trans) table in the Oracle database.

Staff members will receive a Console Locked message asking for their password to reauthenticate. After a staff member enters login credentials and is authenticated, a new session is created and the staff member can continue working without any loss of data.

For staff members who choose to exit the application, all their unsaved work will be lost. In addition, after entering four incorrect passwords, a staff member will be locked out of the console and must re-launch the application. Any unsaved work will be lost.

Agents who are chatting with customers when they are automatically logged out must also enter their password to reauthenticate. If an agent does not reauthenticate, any open chat sessions are sent back into the queue for assignment to the next available agent.

Note: Staff members who log in through an identity provider (that is, using the single sign-on process) will not have the opportunity to re-enter their password to continue working in the application. Any unsaved work will be lost.