CWA Windows session not timing out

book

Article ID: CTX694946

calendar_today

Updated On:

Description

It is desired to force the user to authenticate to CWA Windows after a period of time such as 30 mins if the client is inactive.

However this is not happening.If the user launches an ICA session after 30 mins of inactivity then the user is logged on to the session without having to enter cedentials.

Timeouts are set to 30 mins .

Citrix Gateway > Global Settings > Change Global Settings > Client Experience : Session time-out:
30 mins

Citrix Gateway > Policies > Session > Session Profiles > CWA profile > Client Experience > Session timeout (override):

30 mins

MaxLifetime is set to 30 mins on Storefront.

Cause

SAML is used to authenticate to the ICA session .

By default a persistent cookie are stored and credentials on the ICA client and used to authenticate to the session

Setting "Prevent storing persistent cookies" to True forces an authentication as cookies are not stored .

Resolution

Enable "prevent storing persistent cookies" on the endpoint , This can be set in a local policy or via a domain GPO and assigned to the endpoint.

Once this is in place an authentciaton prompt is seen on launching a session after the timeout expires.

Issue/Introduction

It is desired to force the user to authenticate to CWA Windows after a period of time such as 30 minutes .

However this is not happening.

When a session is launched after 30 mins the user is logged onto the session without an authentication prompt.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"