Inactivity Timeout - MultiDomSSO With Persistent MRHSession Cookies
Good morning!
I was looking to modify our SharePoint solution published through APM so that in the event of a user utilizing multiple tabs, a logout from one will simply shorten the Inactivity Timeout to 300 seconds vs. treating it like a SLO with a 302 to /vdesk/hangup.php3. In addition, the proposed iRule would also return the Inactivity Timeout to the default of 1800 seconds on a subsequent connection if another tab was in use. Here's the logic I've put into place:
when ACCESS_ACL_ALLOWED {
Set runtime variables.
set timeout_value [ACCESS::session data get "session.inactivity_timeout"]
Check for logoff URI and shorten Inactivity Timeout to 5 minutes if necessary.
if { [HTTP::uri] ends_with "/_layouts/SignOut.aspx" } {
if { $timeout_value != 300 } {
ACCESS::session data set session.inactivity_timeout 300
ACCESS::session data set session.max_session_timeout 300
}
} else {
if { $timeout_value != 1800 } {
ACCESS::session data set session.inactivity_timeout 1800
ACCESS::session data set session.max_session_timeout ""
}
}
Logging function to be removed prior to production.
set session_id [ACCESS::session data get "session.user.sessionid"]
set post_timeout_value [ACCESS::session data get "session.inactivity_timeout"]
set user_id [ACCESS::session data get "session.logon.last.username"]
if { $timeout_value != $post_timeout_value } {
switch -glob $post_timeout_value {
"1800" {
log local0.notice "[HTTP::uri] Session $session_id User $user_id: Inactivity timeout set to default $post_timeout_value."
}
"300" {
log local0.notice "[HTTP::uri] Session $session_id User $user_id: Inactivity timeout shortened to $post_timeout_value."
}
}
}
}
definition-checksum 334dfa0ed05e4a46e9fb578f0d5477a5
What I'm seeing is that although the session variables are shortented with this iRule, the session itself still sticks to the original Inactivity Timeout of 1800 seconds.
Are these session variables only applicable while Policy Evaluation is in progress? Is there any other way to modify the Inactivity Timeout of an existing valid session?
Thanks, all!