How to: Modify the timeout interval on the Web admin Console.

Applies to:  

Venafi Trust Protection Platform Websites.



Since upgrading to 6.1, I've noticed the web admin UI times out much quicker. Is there an easy way to set the timeout value? I keep getting logged out automatically.

How do you modify the logged in timeout values for the Web admin console? By modifying the Web.config file, we can override this timeout.  This article explains how to do this.


More Information:

After a period of inactivity, a warning message is displayed warning the user that he/she about to be logged off. If the user does not cancel this message they will be logged out, the default timeout value for Director is 5 minutes.  

To modify the timeout value, follow these steps:

  • Login to your Windows 2008 server with a user id that has rights to browse the file system and modify files.
  • Navigate to the admin folder and make a backup of the Web.config file.  If your default drive is C it is located at C:\Program Files\Venafi\Web\Admin\Web.config.
  • Using a simple text editor (Notepad) edit the Web.Config file.  It will look like the following.
  • TIP: on some versions of Director, you will not see the xml version declaration at the top of the file. 

   <?xml version="1.0"?>



                 <add key="ChartImageHandler" value="storage=session">




  • Auto logout by default starts at 90 seconds and then you have a 60 second countdown to logout.
  • Add the following two keys in the configuration\appSettings section after the </add> key:

                 <add key="AutoLogoutWarningSeconds" value="270" />

                 <add key="AutoLogoutWarningLength" value="30" />

  • Modify the values to suite your needs, but adhere these suggestions:
    • AutoLogoutWarningSeconds is how long (in seconds) before the auto-logout warning shows up. Any value between 120 and 1800 (seconds) are valid - between 2 and 30 minutes. NOTE: If the value is manually set above 1800, 1800 is used. 
    • AutoLogoutWarningLength is how long to show the warning before logging the user off, in seconds. Values between 15 and 120 (seconds) are valid.


Frequently asked questions:

How often does the timeout fire?

  • The timer resets every time you hit the server, which means on a reload of a page, or refreshing a tree or grid. In other words, it resets on every ajax call. The timer displays a logout warning 5 minutes after the last time you received data from the server. When the logout warning is displayed and the user clicks the 'Cancel' button, an ajax call is made to the server causing the timer to be reset.

Do we use an Ajax ping to ping the server periodically and keep the connection alive? 

  • Yes. The reason for enforcing the limitation of the timeout value is because the default timeout of the user’s session is 20 minutes. Many IIS admins reduce that time to ten minutes or sometimes even less. If the client (browser) is sitting there waiting ten minutes for something, or the user is reviewing data, their session on the server could time out making them log in again the next time they click on something and potentially cancel their request. To prevent the server session from timing out, the Director web app continually "pings" the server from the client (using a JavaScript Ajax call) to ensure the session stays active on the server. So, the client will ensure they stay logged in as well as prompt them to log them off when the time comes.

What happens when I open multiple browser windows-tabbed browsing?

  • If you open a tab to Director and don't go back to it - even though you are actively using Director in another tab - the background tab will launch the auto-logout code. This will cause your active tab to be logged off. There is no notification to other windows or tabs that one of the other tabs logged you off. In other words, the active tab will not warn you when this happens; the next time you contact the server will initiate a re-login.

What happens when I open multiple browser windows?

  • The auto-logout code will fire for each browser using the time stamp from when the server was last accessed.

What actions trigger the timer to reset?

  • Changing trees 
  • Selecting a different object in the tree (regardless of whether you’ve selected that object before this session) 
  • Selecting a tab in the details pane for the first time 
  • Clicking the Save button 
  • Clicking the refresh button in the details pane of an object 
  • Clicking any button on the bar below the tabs

What actions do not reset the timer? 

  • Applying a search or object type filter to the policy tree 
  • Using "find" to locate an instance of an object in the policy tree.
  • clicking the refresh button in the tree 
  • Returning to a tab in the details pane while staying on the same object 
  • Applying or clearing filters in a grid view 
  • Changing the sort order in a grid view 
  • Showing or hiding a column in a grid view 
  • Moving through pages in a grid view 
  • Clicking the refresh button in a grid view

NOTE: For details on a symptom when you are being kicked out of the WebAdmin at random intervals, see


Was this article helpful?
4 out of 4 found this helpful