Configure session settings
To modify session settings, go to the Edit Receiver for web site screen, select the Session Settings tab.
Server communication attempts
The number of attempts for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.
Communication timeout duration
The amount of time allowed for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.
Session inactivity timeout
While accessing a StoreFront store through a web browser, after a period of inactivity, the user sees the message Your session has timed out due to inactivity. You can change the Session timeout to suit your users’ usage pattern. This does not affect Citrix Workspace apps.
Alternatively you can use PowerShell. For example to set the timeout for the website ‘/Citrix/StoreWeb’ to 30 minutes:
$rfw = Get-STFWebReceiverService '/Citrix/StoreWeb' Set-STFWebReceiverService $rfw -SessionStateTimeout 30 <!--NeedCopy-->
If you modify the session timeout so that it is greater than the Authentication token lifetime or Maximum token lifetime then this also updates the authentication token lifetime and Maximum token lifetime to match.
Authentication token lifetime
When a user accesses a StoreFront store through a browser, by default the user is logged out after eight hours, regardless of any activity. This does not affect Citrix Workspace apps. To increase this timeout:
- On StoreFront, navigate to c:\inetpub\wwwroot\Citrix<StoreWeb>.
- Open the
- Locate the entry:
<authentication tokenLifeTime="08:00:00" method="Auto" />
- Change the
tokenLifeTimeto the desired value. To enter a value of 1 day or more, use the format
If you increase the session timeout to be more than 20 hours, you must also increase the Maximum token lifetime of Authentication Service.
Maximum token lifetime of Authentication Service
The Authentication Service issues tokens that are used when connecting to a store through a web browser or Citrix Workspace apps. For Citrix Workspace apps this is the only login timeout that needs to be updated. When accessing StoreFront through a browser, this timeout is used with the other timeouts. Unlike other settings described on this page this applies to all websites for the store.
When fronting StoreFront with Citrix Gateway, Citrix Gateway has the user credentials and does SSO to StoreFront. If the StoreFront token expires, StoreFront would issue a CitrixAG Basic challenge and Citrix Gateway would supply the credentials to log in to StoreFront. So if you are also using Citrix Gateway, then you also need configure its own session timeout.
For the Citrix Workspace app installed on the StoreFront Server, navigate to the path of your store’s auth service
c:\inetpub\wwwroot\Citrix\<Store>Auth(which could be one of several auth services depending on how many Stores you have).
web.configfile, locate the Authentication Token Producer service, and within that, find the
idmatches that of the Authentication Token Producer. In the following example, you need the
<service id="f7cac185-57c1-4629-a33c-88a89dd4295d" displayName="Authentication Token Producer"> <relyingParties signingId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="01:00:00"> <clear /> <add id="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="20:00:00" /> <!--NeedCopy-->
maxLifetimeto the desired value. The default is
20:00:00. To enter a value of 1 day or more, use the format
iisresetcommand to apply the changes. Running this command logs off the users from Citrix StoreFront Web but it doesn’t impact their current ICA session.