Configure session settings
To modify session settings, go to the Edit Receiver for web site screen, select the Session Settings tab.
Server communication attempts
The number of attempts for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.
Communication timeout duration
The amount of time allowed for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.
Session inactivity timeout
While accessing a StoreFront store through a web browser, after the specified period of inactivity, the session times out and user is logged out. Refreshing the web page or performing an action on a resource extends the session. User actions that do not result in network activity, such as navigating between tabs, do not extend the session. Shortly before the session expires, the user is prompted to extend the session. You can change the Session timeout to suit your users’ usage pattern. This does not affect locally installed Citrix Workspace app.
Alternatively you can use PowerShell. For example to set the timeout for the website ‘/Citrix/StoreWeb’ to 30 minutes:
$rfw = Get-STFWebReceiverService '/Citrix/StoreWeb'
Set-STFWebReceiverService $rfw -SessionStateTimeout 30
<!--NeedCopy-->
If you modify the session timeout so that it is greater than the Gateway session timeout you must increase the gateway session timeout accordingly. If you modify the session timeout so that it is greater than the Authentication token lifetime or Maximum token lifetime, these are automatically increased to match the session timeout.
Sign in timeout
When on the log in screen in a web browser, after a period of time the log in times out and a message is displayed to the user. The user can press Log On to return to the log on screen.
Authentication token lifetime
When a user accesses a StoreFront store through a browser, by default the user is logged out after eight hours, regardless of any activity. This does not affect locally installed Citrix Workspace apps. To increase this timeout:
- On StoreFront, navigate to
c:\inetpub\wwwroot\Citrix\<StoreWeb>
. - Open the
web.config
file. - Locate the entry:
<authentication tokenLifeTime="08:00:00" method="Auto" />
- Change the
tokenLifeTime
to the desired value. To enter a value of 1 day or more, use the formatd.h:m:s
.
If you increase the session timeout to be more than 20 hours, you must also increase the Maximum token lifetime of Authentication Service.
Citrix Gateway timeouts
For more information on gateway timeouts see Gateway documentation.
Session time-out
The session time-out applies if there is no network activity for the specified length of time. Refreshing the web page or performing an action on a resource extends the session. User actions that do not result in network activity, such as navigating between tabs, do not extend the session.
For web browser access you should set the Citrix Gateway Session time-out to a slightly higher value than the StoreFront Session timeout. This is to ensure that when the StoreFront session times out and it notifies the gateway, the gateway is able to cleanly sign out before its own session expires.
Locally installed Citrix Workspace app does not apply an inactivity timeout when connected to a StoreFront store. Therefore, the gateway is the only place that you need to apply an inactivity timeout. The app periodically refreshes the list of resources. For it to take effect, the session time-out must be lower than the app’s refresh period. By default the app’s refresh period is 60 minutes. To change this, see CTX221465.
Forced time-out
On the Citrix Gateway you may set a Forced time-out to disconnect the session after a given time regardless of the user’s activity.
Maximum token lifetime of Authentication Service
The Authentication Service issues tokens that are used when connecting to a store. By default the token expires after 20 hours which causes the user to be logged out.
If the user authenticated by a Citrix Gateway, then when the StoreFront token expires, StoreFront issues a challenge to the Citrix Gateway. If the gateway’s session is still active then it supplies the credentials to log back in to StoreFront. If you wish to prevent this then you must configure the gateway’s Forced time-out to be the same as the maximum token lifetime.
Normally when using the store in a web browser, the inactivity timeout causes the session to be logged out before the token expires so the token lifetime is mainly relevant to locally installed Citrix Workspace app. To configure the maximum token lifetime:
-
For the Citrix Workspace app installed on the StoreFront Server, navigate to the path of your store’s auth service
c:\inetpub\wwwroot\Citrix\<Store>Auth
(which could be one of several auth services depending on how many Stores you have). -
In the
web.config
file, locate the Authentication Token Producer service, and within that, find theadd
element whoseid
matches that of the Authentication Token Producer. In the following example, you need theadd
element withid="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b"
:<service id="f7cac185-57c1-4629-a33c-88a89dd4295d" displayName="Authentication Token Producer"> <relyingParties signingId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="01:00:00"> <clear /> <add id="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="20:00:00" /> <!--NeedCopy-->
-
Change the
maxLifetime
to the desired value. The default is20:00:00
. To enter a value of 1 day or more, use the formatdd.hh:mm:ss
. -
Run the
iisreset
command to apply the changes. Running this command logs off the users from Citrix StoreFront Web but it doesn’t impact their current ICA session.