Use at your own risk, only way I could seem to skirt it. If the session goes idle for 7 days it will still expire as the session State data won’t be updated. Set your DateAdd to whatever.
CREATE TRIGGER [Ice].[COMP_ExtendExpired]
ON [Ice].[SessionState]
AFTER UPDATE
AS
BEGIN
UPDATE Ice.SessionState SET ExpiresOn = DATEADD(DAY, 7, i.ExpiresOn)
FROM Ice.SessionState s INNER JOIN inserted i ON s.SessionID = i.SessionID
WHERE s.SessionType = '00000003-B8EB-40C4-8897-248CB30C5D47';
END
GO
FWIW it looks like default as of 10.2.600 was 3 days ( 4320 min) before it was configurable. It’s the new default of 12 hours that threw us all off.
I still think 3 days over a Holiday weekend will welcome your users back with errors, especially MES Stations. I think the default oughta be 7 days max, if someone wants to set it, their problem.
Has anyone else noticed that the session timeout is much shorter in 2022 (.1 & .2)? In 10.2.700 the session would last 3 days but now we are seeing it expire overnight. The 2022.1 release notes say they moved the setting from the web.config to the DB in the Ice.GlobalSetting table but there are no session related items in that table.
Also Please note that @josecgomez@hmwillett@Banderson@jgiese.wci and others are part of the Controlled Release Panel, they failed to catch it before release. Credit must be given where credit is due.
I still think 3 days over a Holiday weekend will welcome your users back with errors. I think the default oughta be 7 days, or simply allow people to set ANY amount of minutes, its their problem, why limit it, the Classic Client doesn’t recover well.
Thoughts @Rich or @bconner on this enforcement? Why would Epicor allow only a maximum of 4320 minutes. We have to make use of SQL Triggers to modify SessionState to support Classic Clients still (MES etc).
I was totally joking… it’s a problem for us too. Interestingly though, we don’t use MES stations at all. We use EMWW and for the other functions we need that doesn’t do, a custom rolled app.
The historic default for Idle Session timeout has always been 72 hours which security experts feel is excessively long and was called out as a “negative” on security reviews. Based on that feedback, and “heated” requests from larger security conscious customers, we made the Session timeout value configurable with a 12 hour default vs the previous 72 hour hard coded setting.
We failed to flag this on the Release Notes as an important item - sorry about that. Security hardening a system can be controversial and we often find ourselves walking a fine line between usability and security best practices. In this case, we hardened the system and left the original timeout setting as an option. Allowing a longer timeout period was counter to the intent of the work done and we frankly never expected that someone would want an application (and the Server Session reference) to be valid for more than 3 days with no usage.
I know of 1 customer that has this value set to less than an hour and several others that have the setting at 120 minutes or less. For them, the security of the system is more important than the annoyance factor imposed on their users.
I think most of the issue is the difference between a normal desktop user, and an MES station. MES stations are usually logged in with generic user IDs (usually with the user name and password taped onto the monitor).
One of the issues with the full client is that it fails so hard. Most systems when you are logged out, simply route you to a loign screen to log back in. If that were the case, for full client, I don’t think you would get much flak.
I agree this is the issue, I’m okay with the session timing out, but it should cleanly return me to the login screen. Instead of just exploding my Epicor and rendering it useless until I completely close out and back in.
Perhaps that is a bug though. Should we open a ticket @Rich ?
Once you get this, your entire Epicor becomes useless and that error just loops on every click.
If it just prompted me for my password and all my windows etc were restored that wouldn’t be too bad. But it completely locks up and crashes if left overnight
to support Classic Clients still (MES etc).
