Since we upgraded from 2021.2 to 2022.2, users can’t leave their client open overnight as they are used to, because the next morning they come in to a crash message - “session has either timed out or has been deleted. You must login again to continue.” Then they have to close the entire application again and relaunch. Before, they could just continue working because kinetic would reconnect seamlessly. This was an in place upgrade and we didn’t change any settings on our app server. License timeout is 15 minutes and always has been. Is there some other setting causing this?
In your Admin Console, right-click on the Application Server and click ‘Application Server Settings’.
Check the ‘Session Idle Timeout’ setting. When we upgraded to 2022.1, this happened to us. It changed from 4320 (the maximum allowed, I believe) to something much lower. You can change it back.
2 Likes
Thank you!
Don’t beat me up, but I’ve got to point out this is a bad practice from a security standpoint.
Better you than me…
1 Like
Why? The computer locks after 10 minutes. We are SSO. So they have to unlock the computer to get into Epicor. Epicor launches without entering credentials anyway. I don’t see the problem.
It’s a generalized statement.
You provided context I did not have.
On another note, I’m not a huge fan of SSO.
I am - now I don’t have to spend half my life helping people who forgot their password.
1 Like
I didn’t say there weren’t perks 
3 Likes
Yes I had a vague recollection about that thread but couldn’t locate it when I was searching earlier - its too bad the problem of the crashing is still not resolved. Like many commenters in that thread - if it just timed out and let you log back in that would be one thing. But it literally crashes and you have to close and start all over. Seems like something that could have been handled better by now.
1 Like
Only the .NET client and not the browser, right?
Right Alisa?
Whew. That was close.
1 Like
No the browser too - have to close the tab and relaunch, it will not reconnect.
Wow, never had that happen. But it should be a new session. Nothing is kept local.
I heard a security guy said if you have a choice to reauthenticate or shower everyday: reauthenticate.
2 Likes
SSO also stops people from sharing logins.
Sure but the reauthentication should be graceful. As an experiment I changed the session timeout in production but left it untouched in test, and left both environments open overnight. Production is working fine. I was finally able to close Test after clicking through 6 (six!!!) different popup error messages. Its ridiculous and has nothing to do with security.
3 Likes
Do you have an idea created for this graceful re-auth?
1 Like
Nope, I am just putting the timeout back to what it was which solves my problem.
1 Like
And what it was is a large period of time?