StoreFront

Configure session settings

To modify session settings, go to the Edit Receiver for web site screen, select the Session Settings tab.

Screenshot of Session Settings screen

Server communication attempts

The number of attempts for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.

Communication timeout duration

The amount of time allowed for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.

Session inactivity timeout

While accessing a StoreFront store through a web browser, after the specified period of inactivity, the session times out and user is logged out. Refreshing the web page or performing an action on a resource extends the session. User actions that do not result in network activity, such as navigating between tabs, do not extend the session. Shortly before the session expires, the user is prompted to extend the session. You can change the Session timeout to suit your users’ usage pattern. This does not affect locally installed Citrix Workspace app.

Alternatively you can use PowerShell. For example to set the timeout for the website ‘/Citrix/StoreWeb’ to 30 minutes:

$rfw = Get-STFWebReceiverService '/Citrix/StoreWeb'
Set-STFWebReceiverService $rfw -SessionStateTimeout 30
<!--NeedCopy-->

If you modify the session timeout so that it is greater than the Gateway session timeout you must increase the gateway session timeout accordingly. If you modify the session timeout so that it is greater than the Authentication token lifetime or Maximum token lifetime, these are automatically increased to match the session timeout.

Sign in timeout

When on the log in screen in a web browser, after a period of time the log in times out and a message is displayed to the user. The user can press Log On to return to the log on screen.

Authentication token lifetime

When a user accesses a StoreFront store through a browser, by default the user is logged out after eight hours, regardless of any activity. This does not affect locally installed Citrix Workspace apps. The value is not display on the management console.

To view the current value use Get-STFWebReceiverAuthenticationMethods and check the TokenLifeTime property. For example:

$rfweb = Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
$rfauth = Get-STFWebReceiverAuthenticationMethods -WebReceiverService $rfweb
$rfauth.TokenLifeTime.ToString()
<!--NeedCopy-->

To set the timeout using PowerShell, use cmdlet Set-STFWebReceiverAuthenticationMethods with parameter TokenLifeTime. For example:

$rfweb = Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
$rfauth = Get-STFWebReceiverAuthenticationMethods -WebReceiverService $rfweb
Set-STFWebReceiverAuthenticationMethods -WebReceiverService $rfweb -TokenLifeTime "07:00:00"
<!--NeedCopy-->

If you increase the session timeout to be more than 20 hours, you must also increase the Maximum token lifetime of Authentication Service.

Citrix Gateway timeouts

For more information on gateway timeouts see Gateway documentation.

Session time-out

The session time-out applies if there is no network activity for the specified length of time. Refreshing the web page or performing an action on a resource extends the session. User actions that do not result in network activity, such as navigating between tabs, do not extend the session.

For web browser access you should set the Citrix Gateway Session time-out to a slightly higher value than the StoreFront Session timeout. This is to ensure that when the StoreFront session times out and it notifies the gateway, the gateway is able to cleanly sign out before its own session expires.

Locally installed Citrix Workspace app does not apply an inactivity timeout when connected to a StoreFront store. Therefore, the gateway is the only place that you need to apply an inactivity timeout. The app periodically refreshes the list of resources. For it to take effect, the session time-out must be lower than the app’s refresh period. By default the app’s refresh period is 60 minutes. To change this, see CTX221465.

Forced time-out

On the Citrix Gateway you may set a Forced time-out to disconnect the session after a given time regardless of the user’s activity.

Maximum token lifetime of Authentication Service

The Authentication Service issues tokens that are used when connecting to a store. By default the token expires after 20 hours which causes the user to be logged out.

If the user authenticated by a Citrix Gateway, then when the StoreFront token expires, StoreFront issues a challenge to the Citrix Gateway. If the gateway’s session is still active then it supplies the credentials to log back in to StoreFront. If you wish to prevent this then you must configure the gateway’s Forced time-out to be the same as the maximum token lifetime.

Normally when using the store in a web browser, the inactivity timeout causes the session to be logged out before the token expires so the token lifetime is mainly relevant to locally installed Citrix Workspace app.

To view the maximum token lifetime run the following PowerShell:

$store = Get-STFStoreService -VirtualPath "[store path]"
$auth = Get-STFAuthenticationService -StoreService $store
$relyingParty = $auth.ProducerService.RelyingParties | Where-Object { $_.Id -eq $auth.ProducerService.Id }
$relyingParty.MaxLifetime.ToString()
<!--NeedCopy-->

Replacing [store path] with the appropriate store path.

To configure the maximum token lifetime run the following PowerShell:

$store = Get-STFStoreService -VirtualPath "[store path]"
$auth = Get-STFAuthenticationService -StoreService $store
$relyingParty = $auth.ProducerService.RelyingParties | Where-Object { $_.Id -eq $auth.ProducerService.Id }
$relyingParty.MaxLifetime = "[max lifetime]"
Save-STFService -Service $auth
<!--NeedCopy-->

Replacing [store path] with the appropriate store path and [max lifetime] with the desired timeout. For values up to a day use the format hh:mm:ss. For values over a day use the format d.hh:mm:ss.