Automatically Logging Out Inactive Sessions
In addition to manually logging out active sessions, you can also set up your application to automatically log out inactive sessions.
You’ll configure automatic logout of inactive sessions using a configuration setting and a profile setting, which work together to give you more flexibility in managing your desktop user sessions and maintaining site security.
- CLIENT_SESSION_EXP—Use this configuration setting to specify the time in one-minute intervals
that a session can be inactive before a staff account is automatically logged out. The
default value of the CLIENT_SESSION_EXP configuration setting (RightNow User
Interface/General Security) is 15 minutes and the maximum value is 1440
(24 hours).
Even if you disable desktop usage administration, you can still use the CLIENT_SESSION_EXP configuration setting to maintain security on your site.
- Session Timeout field—Use this field on the Profiles editor to specify a time (0–1440 minutes) other than the time defined in the CLIENT_SESSION_EXP configuration setting that a session can be inactive before a staff account is automatically logged out, or set this field so that staff members with a particular profile are exempt from being automatically logged out due to inactivity. By default, this field is null, meaning that the value in CLIENT_SESSION EXP will be used for automatic logout. Entering any value in this field overrides the value defined in CLIENT_SESSION_EXP.
Here’s how automatic logout of inactive sessions works. When the time of inactivity has been exceeded, the client sends a logout request to the server, which will update the end date and time in the User Transactions (user_trans) table in the Oracle database.
Staff members will receive a Console Locked message asking for their password to reauthenticate. After a staff member enters login credentials and is authenticated, a new session is created and the staff member can continue working without any loss of data.
For staff members who choose to exit the application, all their unsaved work will be lost. In addition, after entering four incorrect passwords, a staff member will be locked out of the console and must re-launch the application. Any unsaved work will be lost.
Agents who are chatting with customers when they are automatically logged out must also enter their password to reauthenticate. If an agent does not reauthenticate, any open chat sessions are sent back into the queue for assignment to the next available agent.