Configure the session timeout

2 Years Ago


A timeout session is configured to prevent idle sessions to remain open, generating potential security weaknesses. Nevertheless, the time might be short for some end users requiring them to constantly re-enter their session data. The behavior of the session expiration depends on the authentication type, and other user options, like reminding passwords through the browser, among others.
The following article explains you how to configure the timeout session to the value of your choice.

Applies to

Bizagi 10.x or later.


The session duration is configured through several options. Bizagi will enable the one that is the most restrictive configuration. Ideally all options should have the same configuration to make sure the correct time is set. 

According to your business needs, you may choose one of the following options:

1. Configure Bizagi Session Time: This option applies only when your Authentication Type is Bizagi Autentication. Defines the time in minutes, in which an idle session expires. Review the following article in our User Manual for more information

2. Configure Session State timeout: This parameter is configured in your Project’s web.config file. By default, this value is set to 20 minutes. Follow the next steps in order to change this value

2.1 Open the web.config file located in the root folder (i.e, C:\Bizagi\Projects\[ProjectName]\WebApplicaton\web.config) of your web site using the text editor of your choice (i.e, Notepad).

2.2 Locate the sessionState property and change the value for timeout. This value is in minutes.

2.3 Save the web.config file and restart your server.

3. Configure application pool idle timeout: Change the timeout of the worker process. By default, this value is set to 20 minutes. In order to configure the timeout, follow the procedure explained in this article

1. Locate the distributable EAR file delivered by Bizagi for your server.

2. Open the file using a compressor utility as WinRAR, 7Zip, etc.

3. Locate the web.xml file in BizAgi-war.war\WEB-INF folder and open it using the text editor of your choice.

4. Locate the <session-timeout> key and change its value to 20 which corresponds to 20 minutes.

5. Save the file and deploy the modified EAR to your server.

Rate this Article:


Last Modified:2 Years Ago
Last Modified By: JorgeR
Level: Advanced
Rated 2 stars based on 7 votes.
Article has been viewed 12.4K times.