Scheduled Tasks

Sana Commerce 9.3
Your connector

Remove Expired Admin Login Sessions

When a user logs in to Sana Admin, a login session will be created for this user. In order to minimize the time period an attacker can launch attacks over the active sessions and hijack them, there is an expiration timeout for every session, establishing the amount of time a session remains active.

If the user does not perform any actions in Sana Admin for a while, the session will expire, redirecting the user to the login page.

  • In Sana 9.3.0 - 9.3.3 Sana Admin login session expires in 20 minutes.
  • Starting from Sana 9.3.4 Sana Admin login session expires in 360 minutes (6 hours).

The Remove expired admin login sessions task removes all expired Sana Admin login sessions from the database.

Set up the "Remove expired admin login sessions" task

To set up the Remove expired admin login sessions task, click Edit.

The table below provides the description of the Remove expired admin login sessions task settings:

Settings Description 
Run on schedule  Use this option to enable automatic running of the Remove expired admin login sessions task according to the configured schedule or disable it to allow only manual start of the task.

If you enable Run on schedule, you should enter either the interval in minutes when the task should run automatically or the fixed time. 

Run interval (in minutes) Enter the time interval in minutes when the task should run automatically.
Run time  Enter the fixed time when the task should run automatically. For the fixed time, the time of the server is used. 
Number of minutes before expired login session is removed  Enter the number of minutes before expired login session is removed. By default, the value of this parameter is set to 60 minutes, meaning that all login sessions that expired more than an hour ago will be removed. 
Maximum archived log files  Enter the maximum number of log files to store. If this number exceeds, the oldest log file will be removed and the new one will be created. 

 NOTE

Starting from Sana 9.3.4, when customers log in to the Sana web store, the login session will be created for them. If the customer does not perform any actions in the web store, the session will expire in 20 minutes, redirecting him or her to the login page.

Starting from Sana 9.3.4, a web store administrator can change login session expiration time for both, Sana Admin and web store, in the "Web.config" file of the Sana Commerce Frontend.