Product documentation
StoreFront
Current Release 2402 LTSR 2203 LTSR 1912 LTSR 3.12
View PDF

Configure session settings

May 29, 2024
Contributed by: 
C S

To modify session settings, go to the Edit Receiver for web site screen, select the Session Settings tab.

Screenshot of Session Settings screen

Server communication attempts

The number of attempts for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.

Communication timeout duration

The amount of time allowed for calls between the web proxy and store services, internal to StoreFront. Normally there is no need to modify this setting.

Session inactivity timeout

While accessing a StoreFront store through a web browser, after a period of inactivity, the user sees the message Your session has timed out due to inactivity. You can change the Session timeout to suit your users’ usage pattern. This does not affect locally installed Citrix Workspace app.

Alternatively you can use PowerShell. For example to set the timeout for the website ‘/Citrix/StoreWeb’ to 30 minutes:

$rfw = Get-STFWebReceiverService '/Citrix/StoreWeb'
Set-STFWebReceiverService $rfw -SessionStateTimeout 30
<!--NeedCopy-->

If you modify the session timeout so that it is greater than the Gateway session timeout you must increase the gateway session timeout accordingly. If you modify the session timeout so that it is greater than the Authentication token lifetime or Maximum token lifetime, these are automatically increased to match the session timeout.

Authentication token lifetime

When a user accesses a StoreFront store through a browser, by default the user is logged out after eight hours, regardless of any activity. This does not affect locally installed Citrix Workspace apps. To increase this timeout:

  1. On StoreFront, navigate to c:\inetpub\wwwroot\Citrix\<StoreWeb>.
  2. Open the web.config file.
  3. Locate the entry: <authentication tokenLifeTime="08:00:00" method="Auto" />
  4. Change the tokenLifeTime to the desired value. To enter a value of 1 day or more, use the format d.h:m:s.

If you increase the session timeout to be more than 20 hours, you must also increase the Maximum token lifetime of Authentication Service.

Citrix Gateway timeouts

For more information on gateway timeouts see Gateway documentation.

For web browser access you should set the Citrix Gateway Session time-out to a slightly higher value than the StoreFront Session timeout. This is to ensure that when the StoreFront session times out and it notifies the gateway, the gateway is able to cleanly sign out before its own session expires.

Locally installed Citrix Workspace app does not apply an inactivity timeout when connected to a StoreFront store. Therefore, the gateway is the only place that you need to apply an inactivity timeout.

On the Citrix Gateway you may set a Forced time-out to disconnect the session after a given time regardless of the user’s activity.

Maximum token lifetime of Authentication Service

The Authentication Service issues tokens that are used when connecting to a store. By default the token expires after 20 hours which causes the user to be logged out.

If the user authenticated by a Citrix Gateway, then when the StoreFront token expires, StoreFront issues a challenge to the Citrix Gateway. If the gateway’s session is still active then it supplies the credentials to log back in to StoreFront. If you wish to prevent this then you must configure the gateway’s Forced time-out to be the same as the maximum token lifetime.

Normally when using the store in a web browser, the inactivity timeout causes the session to be logged out before the token expires so the token lifetime is mainly relevant to locally installed Citrix Workspace app. To configure the maximum token lifetime:

  1. For the Citrix Workspace app installed on the StoreFront Server, navigate to the path of your store’s auth service c:\inetpub\wwwroot\Citrix\<Store>Auth (which could be one of several auth services depending on how many Stores you have).

  2. In the web.config file, locate the Authentication Token Producer service, and within that, find the add element whose id matches that of the Authentication Token Producer. In the following example, you need the add element with id="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b":

    <service id="f7cac185-57c1-4629-a33c-88a89dd4295d" displayName="Authentication Token Producer">
    <relyingParties signingId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="01:00:00">
    <clear />
    <add id="f7cac185-57c1-4629-a33c-88a89dd4295d" encipherId="2948f7ad-735e-4e03-8e01-8d4f5d3ca75b" defaultLifetime="01:00:00" maxLifetime="20:00:00" />
<!--NeedCopy-->

  3. Change the maxLifetime to the desired value. The default is 20:00:00. To enter a value of 1 day or more, use the format dd.hh:mm:ss.

  4. Run the iisreset command to apply the changes. Running this command logs off the users from Citrix StoreFront Web but it doesn’t impact their current ICA session.

Configure session settings
May 29, 2024
Contributed by: 
C S
May 29, 2024
Contributed by: 
C S

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.