From 7b9177571659d25c2e8c96651a77a09bcf4ac847 Mon Sep 17 00:00:00 2001 From: Albert ten Napel Date: Tue, 14 Oct 2025 08:35:27 +0200 Subject: [PATCH 1/4] Add AbsoluteSessionTimeout runtime setting --- content/en/docs/refguide/runtime/custom-settings/_index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/refguide/runtime/custom-settings/_index.md b/content/en/docs/refguide/runtime/custom-settings/_index.md index a61a9f07c30..92890b18626 100644 --- a/content/en/docs/refguide/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide/runtime/custom-settings/_index.md @@ -72,6 +72,7 @@ The following custom settings can be configured: | ScheduledEventExecution | Specify which scheduled events should be executed. Choices are `ALL`, `NONE`, or `SPECIFIED`. In the case of `SPECIFIED`, enumerate the scheduled events using the `MyScheduledEvents` configuration option described below. {{% alert color="warning" %}}This setting cannot be configured when running locally. To enable and disable scheduled events when running locally, please use the 'Enabled' setting on the [Scheduled Events execution properties](/refguide/scheduled-events/) in Studio Pro.{{% /alert %}} | NONE | | SessionKeepAliveUpdatesInterval | Defines how often a runtime writes session LastActive dates in its memory back to the database. | one sixth of the value configured for the `SessionTimeout` setting; if the `SessionTimeout` is not set, this value defaults to 100000 (100 seconds) | | SessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. The session will not be destroyed until the next time a scheduled task runs to clean up the active sessions.
{{% alert color="warning" %}} Sessions can be removed immediately by a query to the runtime after the session becomes eligible for removal. Navigating between pages is not enough to trigger a query to the runtime. To force a query to the runtime, use a microflow. For example, create a microflow that shows the Home page, then configure your app's navigation to call this microflow rather than relying on the navigation to directly show the page itself. This will ensure the runtime is queried and the user session is removed. {{% /alert %}} | 600000 (10 minutes) | +| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. The session will be destroyed at requests or until the next time a scheduled task runs to clean up the active sessions. If the setting is not set then absolute session timeout is disabled, this is the default. | | | Headers | A JSON object containing custom headers as key/value pairs, and can be used to define a `Content-Security-Policy`. For example, `{ "Content-Security-Policy": "script-src 'nonce-{{ NONCE }}'" }`. | `{}` | | TaskQueue.ShutdownGracePeriod | Time in ms to wait for task in a task queue to finish when shutting down. | 10000 (10 seconds) | | TempPath | The location of the temporary files. | [deployment folder]\data\tmp | From b34c0ef61e251b579411d74df621d672ce782c04 Mon Sep 17 00:00:00 2001 From: Albert ten Napel Date: Tue, 14 Oct 2025 12:18:11 +0200 Subject: [PATCH 2/4] Update content/en/docs/refguide/runtime/custom-settings/_index.md Co-authored-by: J. Veldhuizen --- content/en/docs/refguide/runtime/custom-settings/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/refguide/runtime/custom-settings/_index.md b/content/en/docs/refguide/runtime/custom-settings/_index.md index 92890b18626..73aebf8d4eb 100644 --- a/content/en/docs/refguide/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide/runtime/custom-settings/_index.md @@ -72,7 +72,7 @@ The following custom settings can be configured: | ScheduledEventExecution | Specify which scheduled events should be executed. Choices are `ALL`, `NONE`, or `SPECIFIED`. In the case of `SPECIFIED`, enumerate the scheduled events using the `MyScheduledEvents` configuration option described below. {{% alert color="warning" %}}This setting cannot be configured when running locally. To enable and disable scheduled events when running locally, please use the 'Enabled' setting on the [Scheduled Events execution properties](/refguide/scheduled-events/) in Studio Pro.{{% /alert %}} | NONE | | SessionKeepAliveUpdatesInterval | Defines how often a runtime writes session LastActive dates in its memory back to the database. | one sixth of the value configured for the `SessionTimeout` setting; if the `SessionTimeout` is not set, this value defaults to 100000 (100 seconds) | | SessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. The session will not be destroyed until the next time a scheduled task runs to clean up the active sessions.
{{% alert color="warning" %}} Sessions can be removed immediately by a query to the runtime after the session becomes eligible for removal. Navigating between pages is not enough to trigger a query to the runtime. To force a query to the runtime, use a microflow. For example, create a microflow that shows the Home page, then configure your app's navigation to call this microflow rather than relying on the navigation to directly show the page itself. This will ensure the runtime is queried and the user session is removed. {{% /alert %}} | 600000 (10 minutes) | -| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. The session will be destroyed at requests or until the next time a scheduled task runs to clean up the active sessions. If the setting is not set then absolute session timeout is disabled, this is the default. | | +| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. The session will be destroyed at requests and periodically when sessions are cleaned up. If the setting is not set then this behavior is disabled, which is the default. | | | Headers | A JSON object containing custom headers as key/value pairs, and can be used to define a `Content-Security-Policy`. For example, `{ "Content-Security-Policy": "script-src 'nonce-{{ NONCE }}'" }`. | `{}` | | TaskQueue.ShutdownGracePeriod | Time in ms to wait for task in a task queue to finish when shutting down. | 10000 (10 seconds) | | TempPath | The location of the temporary files. | [deployment folder]\data\tmp | From a5b98f17762f1a9cb227af293bb20428965e36b2 Mon Sep 17 00:00:00 2001 From: Mark van Ments <35492184+MarkvanMents@users.noreply.github.com> Date: Wed, 15 Oct 2025 15:46:12 +0200 Subject: [PATCH 3/4] Clarify introduction version --- content/en/docs/refguide/runtime/custom-settings/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/refguide/runtime/custom-settings/_index.md b/content/en/docs/refguide/runtime/custom-settings/_index.md index 73aebf8d4eb..7408508eec5 100644 --- a/content/en/docs/refguide/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide/runtime/custom-settings/_index.md @@ -72,7 +72,7 @@ The following custom settings can be configured: | ScheduledEventExecution | Specify which scheduled events should be executed. Choices are `ALL`, `NONE`, or `SPECIFIED`. In the case of `SPECIFIED`, enumerate the scheduled events using the `MyScheduledEvents` configuration option described below. {{% alert color="warning" %}}This setting cannot be configured when running locally. To enable and disable scheduled events when running locally, please use the 'Enabled' setting on the [Scheduled Events execution properties](/refguide/scheduled-events/) in Studio Pro.{{% /alert %}} | NONE | | SessionKeepAliveUpdatesInterval | Defines how often a runtime writes session LastActive dates in its memory back to the database. | one sixth of the value configured for the `SessionTimeout` setting; if the `SessionTimeout` is not set, this value defaults to 100000 (100 seconds) | | SessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. The session will not be destroyed until the next time a scheduled task runs to clean up the active sessions.
{{% alert color="warning" %}} Sessions can be removed immediately by a query to the runtime after the session becomes eligible for removal. Navigating between pages is not enough to trigger a query to the runtime. To force a query to the runtime, use a microflow. For example, create a microflow that shows the Home page, then configure your app's navigation to call this microflow rather than relying on the navigation to directly show the page itself. This will ensure the runtime is queried and the user session is removed. {{% /alert %}} | 600000 (10 minutes) | -| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. The session will be destroyed at requests and periodically when sessions are cleaned up. If the setting is not set then this behavior is disabled, which is the default. | | +| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. The session will be destroyed at requests and periodically when sessions are cleaned up. If the setting is not set then this behavior is disabled, which is the default. | Disabled. *Introduced in Mendix 11.4.0.* | | Headers | A JSON object containing custom headers as key/value pairs, and can be used to define a `Content-Security-Policy`. For example, `{ "Content-Security-Policy": "script-src 'nonce-{{ NONCE }}'" }`. | `{}` | | TaskQueue.ShutdownGracePeriod | Time in ms to wait for task in a task queue to finish when shutting down. | 10000 (10 seconds) | | TempPath | The location of the temporary files. | [deployment folder]\data\tmp | From e9d6b9116480ad4ce1df470f493a4a93d769d7ba Mon Sep 17 00:00:00 2001 From: Mark van Ments <35492184+MarkvanMents@users.noreply.github.com> Date: Wed, 15 Oct 2025 16:07:18 +0200 Subject: [PATCH 4/4] Clarify relationship of AbsoluteSessionTimeout and SessionTimeout --- content/en/docs/refguide/runtime/custom-settings/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/refguide/runtime/custom-settings/_index.md b/content/en/docs/refguide/runtime/custom-settings/_index.md index 7408508eec5..76faf76fe8f 100644 --- a/content/en/docs/refguide/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide/runtime/custom-settings/_index.md @@ -72,7 +72,7 @@ The following custom settings can be configured: | ScheduledEventExecution | Specify which scheduled events should be executed. Choices are `ALL`, `NONE`, or `SPECIFIED`. In the case of `SPECIFIED`, enumerate the scheduled events using the `MyScheduledEvents` configuration option described below. {{% alert color="warning" %}}This setting cannot be configured when running locally. To enable and disable scheduled events when running locally, please use the 'Enabled' setting on the [Scheduled Events execution properties](/refguide/scheduled-events/) in Studio Pro.{{% /alert %}} | NONE | | SessionKeepAliveUpdatesInterval | Defines how often a runtime writes session LastActive dates in its memory back to the database. | one sixth of the value configured for the `SessionTimeout` setting; if the `SessionTimeout` is not set, this value defaults to 100000 (100 seconds) | | SessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. The session will not be destroyed until the next time a scheduled task runs to clean up the active sessions.
{{% alert color="warning" %}} Sessions can be removed immediately by a query to the runtime after the session becomes eligible for removal. Navigating between pages is not enough to trigger a query to the runtime. To force a query to the runtime, use a microflow. For example, create a microflow that shows the Home page, then configure your app's navigation to call this microflow rather than relying on the navigation to directly show the page itself. This will ensure the runtime is queried and the user session is removed. {{% /alert %}} | 600000 (10 minutes) | -| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. The session will be destroyed at requests and periodically when sessions are cleaned up. If the setting is not set then this behavior is disabled, which is the default. | Disabled. *Introduced in Mendix 11.4.0.* | +| AbsoluteSessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. As opposed to the `SessionTimeout`, the `AbsoluteSessionTimeout` timeout is not affected by user interactions. This does not override `SessionTimeout`, sessions also become invalid if `SessionTimeout` is reached. The session will be destroyed in the same way as for [`SessionTimeout`](#SessionTimout), above. If the setting is not set then this behavior is disabled, which is the default. | Disabled. *Introduced in Mendix 11.4.0.* | | Headers | A JSON object containing custom headers as key/value pairs, and can be used to define a `Content-Security-Policy`. For example, `{ "Content-Security-Policy": "script-src 'nonce-{{ NONCE }}'" }`. | `{}` | | TaskQueue.ShutdownGracePeriod | Time in ms to wait for task in a task queue to finish when shutting down. | 10000 (10 seconds) | | TempPath | The location of the temporary files. | [deployment folder]\data\tmp |