Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Instance doesn't time out users as expected?

georgechen
Kilo Guru

‎02-06-2018 11:36 PM

Hi folks,

I am having an instance time out issue; referring to   Manage user sessions , I have changed sys_properties

glide.security.csrf.handle.ajax.timeout   = true

glide.ui.session_timeout = 10 (10 minutes just for testing)

glide.ui.auto_req.extend.session = false

One thing I notice that in the instance, the 'Remember me' is not visible probably it has been customized by our company, and I am wondering if I can make it visible again in order to test the time out.

Potentially I was thinking of tracking users' last activity like last time interaction over a session, and implemented a timer to time out users if being idle for a period of time.

Any advice would be highly regarded.

Thanks,

0 Helpfuls
  • 2,040 Views
7 REPLIES 7

adamjgreenberg
ServiceNow Employee
ServiceNow Employee

‎02-07-2018 09:35 AM

George,



Do you have the "remember me" default value set to false in the system properties?



glide.ui.remember.me.default = false



Are you using SSO? If so, this will override the session_timeout variable.


0 Helpfuls

georgechen
Kilo Guru
In response to adamjgreenberg

‎02-07-2018 01:50 PM

Thanks Adam, yes, I checked and found it already set to false.     I am testing on a new dummy user again to see how it goes.


find_real_file.png


Preview file
15 KB
0 Helpfuls

adamjgreenberg
ServiceNow Employee
ServiceNow Employee
In response to georgechen

‎02-07-2018 01:53 PM

George,



Can you go to sys_user_token_list.do and find the user that is not timing out? What's the value for the invalidated date? Is it null?



ETA: One more thing, what's the "expires" date? Is it the time/date that you're expecting (8 hours, 10 minutes, etc....) or is it years in the future?



Can you then check sys_user_session_list.do and look for same user, are there more than one with a NULL invalidated date?




Sorry, one final thing.



Can you check this scheduled job - Clean User Tokens



yourinstance.service-now.com/sys_trigger.do?sys_id=c4a375b27f000001013bed88b0ef199a



Is it running on a schedule? Has it run recently?




You may need to be more aggressive with the timings:



//Delete the expired tokens

var gr = new GlideRecord('sys_user_token');

gr.addQuery('expires', '<', gs.daysAgo(0));

gr.deleteMultiple();



//Delete the invalidated tokens that are more than 30 days old

gr = new GlideRecord('sys_user_token');

gr.addQuery('invalidated', '<', gs.daysAgo(30));

gr.deleteMultiple();



//Delete the tokens that are created more than 60 days ago

//If a user has a session that runs for 60 days straight, then we force a re-login

gr = new GlideRecord('sys_user_token');

gr.addQuery('sys_created_on', '<', gs.daysAgo(60));

gr.deleteMultiple();


At last resort you'd want to modify line 16 to delete the token if greater than X days.


georgechen
Kilo Guru
In response to adamjgreenberg

‎02-07-2018 04:34 PM

Hi Adam,



I opened the list and found 14k records in it, 44 without Invalidated populated and I can see my self in one of the record


find_real_file.png



I would be expecting the expiring date to be 10 minutes as I changed glide.ui.session_timeout   to 10 as mentioned earlier ;



I can also confirm the 'Clean user tokens' is running in my testing instance, and it runs every one hour


find_real_file.png



My testing account was locked out (not sure it was 10 minutes, and I am testing again)



I was wondering if the 'glide.ui.session_timeout' was correctly set, why it wouldn't lot out users?




Preview file
24 KB
Preview file
57 KB
0 Helpfuls