Configure session settings

To modify session settings, go to the Edit Receiver for web site screen, select the Session Settings tab.

Screenshot of Session Settings screen

Server communication attempts

The number of attempts for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.

Communication timeout duration

The amount of time allowed for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.

Session inactivity timeout

While accessing a StoreFront store through a web browser, after a period of inactivity, the user sees the message Your session has timed out due to inactivity. You can change the Session timeout to suit your users’ usage pattern. This does not affect Citrix Workspace apps.

Alternatively you can use PowerShell. For example to set the timeout for the website ‘/Citrix/StoreWeb’ to 30 minutes:

$rfw = Get-STFWebReceiverService '/Citrix/StoreWeb'
Set-STFWebReceiverService $rfw -SessionStateTimeout 30

If you modify the session timeout so that it is greater than the Authentication token lifetime or Maximum token lifetime then this also updates the authentication token lifetime and Maximum token lifetime to match.

Authentication token lifetime

When a user accesses a StoreFront store through a browser, by default the user is logged out after eight hours, regardless of any activity. This does not affect Citrix Workspace apps. To increase this timeout:

  1. On StoreFront, navigate to c:\inetpub\wwwroot\Citrix<StoreWeb>.
  2. Open the web.config file.
  3. Locate the entry: <authentication tokenLifeTime="08:00:00" method="Auto" />
  4. Change the tokenLifeTime to the desired value. To enter a value of 1 day or more, use the format d.h:m:s.

If you increase the session timeout to be more than 20 hours, you must also increase the Maximum token lifetime of Authentication Service.

Maximum token lifetime of Authentication Service

The Authentication Service issues tokens that are used when connecting to a store through a web browser or Citrix Workspace apps. For Citrix Workspace apps this is the only login timeout that needs to be updated. When accessing StoreFront through a browser, this timeout is used with the other timeouts. Unlike other settings described on this page this applies to all websites for the store.

When fronting StoreFront with Citrix Gateway, Citrix Gateway has the user credentials and does SSO to StoreFront. If the StoreFront token expires, StoreFront would issue a CitrixAG Basic challenge and Citrix Gateway would supply the credentials to log in to StoreFront. So if you are also using Citrix Gateway, then you also need configure its own session timeout.

  1. For the Citrix Workspace app installed on the StoreFront Server, navigate to the path of your store’s auth service c:\inetpub\wwwroot\Citrix\<Store>Auth (which could be one of several auth services depending on how many Stores you have).

  2. In the web.config file, locate the Authentication Token Producer service, and within that, find the add element whose id matches that of the Authentication Token Producer. In the following example, you need the add element with id="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b":

    <service id="f7cac185-57c1-4629-a33c-88a89dd4295d" displayName="Authentication Token Producer">
        <relyingParties signingId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="01:00:00">
        <clear />
        <add id="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="20:00:00" />
  3. Change the maxLifetime to the desired value. The default is 20:00:00. To enter a value of 1 day or more, use the format dd.hh:mm:ss.

  4. Run the iisreset command to apply the changes. Running this command logs off the users from Citrix StoreFront Web but it doesn’t impact their current ICA session.

Configure session settings