How You Force Session Expiration

This topic describes how to force session expiration for staff members using the SESSION_HARD_TIMEOUT configuration setting.

Reducing session exploitation can help your organization protect its data. B2C Service automatically expires sessions, and you control the length of time before staff sessions expire. Although you have other ways to force staff members to reauthenticate, the session hard timeout feature should be the primary method you use because it requires no manual intervention on your part.

The SESSION_HARD_TIMEOUT configuration setting (RightNow User Interface/General/Security) accepts a value from a minimum of 1 hour to a maximum of 8,760 hours (1 year). The default value is 12 hours.

A warning message alerts staff members five minutes before their current session is set to expire and tells them to reauthenticate. After entering login credentials, the staff member will be authenticated, a new session will be created, and the session ID will be updated throughout the product. The staff member can continue working without any loss of data.

Note: Desktop Add-Ins (.NET API), Connect Desktop Integration (JavaScript API), and Co-browse receive a notification when a new session has been created. See the Desktop Add-Ins Developer Guide and the Connect JavaScript API Developer Guide.

If a staff member dismisses the warning message (by clicking Cancel), the Service Console locks when the session expires. After the staff member enters login credentials and is authenticated, a new session is created and the staff member can proceed without losing any work.

Agents who are chatting with customers must also enter their password to reauthenticate. If an agent does not reauthenticate, any open chat sessions are sent back into the queue for assignment to the next available agent.