This subsection discusses the settings related to session and link expiry time of your on-premises deployment.

Configure the "Session and Links Expiry Time" parameters in SigningHub Global Settings

  1. Click the "Configurations" option from the left menu.
  2. Click the "Global Settings" option.
  3. Global Settings will appear, select the "Session and Links Expiry Time" option from the top right drop down. 
  4. Configure these settings as required and click the "Save" button from the screen bottom. 
    See the below table for fields description.

 


Global Settings - Session and Links Expiry Time

Fields

Description

User Session Timeout (mins)

Specify the number of minutes of user's inactivity (i.e. 5), after which your SigningHub Desktop Web should display the session expiry warning (pop up) to the logged in user. The user will be given the options whether to "Stay Connected" or "Log out". However, if the user does not respond to it for the next 15 seconds, the user will be automatically logged out from the SigningHub web.

Concurrent Sessions Limit

Specify the number of session (s) of Concurrent Sessions Limit (i.e 5) after which your SigningHub Desktop Web will not allow any further logins. By default the limit is set to 5 logins which is also the maximum limit for the concurrent sessions.

Registration & Invitation Link Expiry (mins)

Specify the number of minutes (i.e. 60) after which the registration and invitation links of a user should expire. The users will have to respond to these links within the allowed time (minutes) to complete their registration.

Forgot Password & Delete Account Link Expiry (mins)

Specify the number of minutes (i.e. 60) after which the exclusive "Forgot Password" and "Delete Account" links of a user should expire. The user will have to respond to these links within the allowed time (minutes) to change their password or permanently delete their account.

Access Token Expiry Time (secs)

Specify the number of seconds (i.e. 8000) after which the access token of a user should expire. An Access Token is a credential that can be used by a client to access an API. It is an opaque string that identifies a user, app, or a page and can be used by the app to make graph API calls.

Refresh Token Expiry Time (days)

Specify the number of days (i.e. 2) after which the refresh token of a user should expire. A Refresh Token is a special kind of token that is used to obtain a renewed access token for a user without needing them to re-authenticate. SigningHub keeps requesting new access tokens until the refresh token expires.



  1. For concurrent sessions, the following system behaviour is followed:
    • In case of a session timeout, the session will be deleted instantly.
    • In case of a session kill, the session will be retained in the database but shall be deleted once the core thread runs, and a period of 4 hours has passed since its retention. 



See Also