One annoying feature when developing any CMS platform is having to constantly log into the CMS editor multiple times throughout the day. In today’s tutorial, I’m going to cover a technique that should extend the timeout value in Sitecore.
How Does Sitecore Expiry Work?
The logic for a content editor’s session expiration in a Sitecore is based on the underlining FormsAuthentication process for a generic ASP.NET application.
The Sitecore Client Timeout Setting
This setting prolongs the timeout being logged out of Sitecore. By default, this is usually set at 60 minutes, I usually make this 3 hours on my development config. This means I can go to lunch without having to log back in 🙂
<setting name="Authentication.ClientSessionTimeout" value="180" />
Forms Authentication Timeout
As Sitecore authentication uses the .NET membership provider, the forms authentication timeout will also apply to Sitecore. To change this find the tag in your web.config.
<authentication mode="None"> <forms name=".ASPXAUTH" cookieless="UseCookies" timeout="180"/> </authentication>
The last timeout configuration change that you may need to change is the session timeout. The Session timeout will only affect your website if you have enabled manage session by database instead of a cookie.
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="180" />
Note Depending on which version of Sitecore you are using, if you share the same user account between different people (which is not a recommended practice for a number of reasons), then you may find you encounter strange log-out behavior. In version 7.1 Sitecore fixed an issue, where if one user with the same log-in are logged in concurrently, if one of them logged out, all the others would as well. If you are experiencing strange timeout issues, it might be a good idea just to check everyone has an individual Sitecore account.
Session Expiration Within The Sitecore Client & Licensing
In Sitecore, some licenses have a restriction about the number of users who can use the editor at the same time. This can cause issues when one user needs to log in but another user has one of the available log-in spots.
When an editor logs into Sitecore, the CMS will store who logged in and when. By default, if a user has been inactive for 8 hours, if another user logs-in and the expiry time has been and gone, the new log-in request will bump the expired user out.