So some month ago I had a customer that was contacted by Sitecore (version 10.2), because of heavy use of Sitecore user boosting (you know, when the limit of concurrent users has been reached - the one trying to login can boost the number of concurrent users. Typically by boosting five more temp users).
As the customer didn't have more content "contributors" (editors, marketers, admins etc) working in the client, than the number of concurrent users in the license subscribed, the issue was not because of incorrect license, but more of contributors not logging out or correctly.
After changing the session timeout in the /App_Config/Sitecore.config file from two hours (it was an old change and the customer was one handed over by another Sitecore implementation partner) to 20 minutes:
<!-- AUTHENTICATION CLIENT SESSION TIMEOUT
Specifies the number of minutes before Sitecore considers user authentication session tickets as expired.
This setting is only relevant for users logging in to Sitecore Client and when the Sitecore license has a limited number
of concurrent editors.
All expired sessions will automatically be removed when a new user tries to log in and the maximum
number of concurrent editors has been reached.
The default is 60 minutes (1 hour).
-->
<setting name="Authentication.ClientSessionTimeout" value="20" />
We still had the issue with exceeding the number of concurrent users. As the customer was using Sitecore Identity and Sitecore Identity Server the user at the Sitecore Identity Server was still active. But by aligning the Sitecore Identity Server session timeout / accesstoken/identitytoken lifetime with the Authentication client session timeout, the content contributor was correctly logged out after 20 minutes of idle - making the use of Sitecore User Boosting much rare.
No comments:
Post a Comment