Security & Session Settings

This section of behavior settings deals with the Security and Session settings. The available settings are:

Systems Control menu- Security and Session Settings Typical Value Description
ALLOW_CHANGE_LOCALE_AT_SIGNON NO If this setting is set to YES, then there is an additional prompt on the sign on screen, where users may elect to alter their language setting as they sign on.  This only has meaning in a multi-locale system and where users are regularly changing which language they use
ALLOW_PASSWORD_AUTOCOMPLETE NO This setting allows or disallows your browser to cache the user’s password and to auto-complete this for the user. Note that setting this to YES may be a security risk if users access ExtraView from public computers. Also note that this setting allows the browser’s Back button to be used to go back and retrieve the original sign on page with the valid User ID and password. It is not recommended that you turn this feature on if you are not completely certain of who can access your installation
ALLOW_SECURITY_PERMISSIONS NO When you create a new user defined field it will be given read and write permissions for all user roles if the value of the setting is YES. If the value of this setting is NO then only the ADMIN role will be given read and write permission. The latter is a more secure mode
APP_HOME Only used if value is not the default for the system. This is the path to the ExtraView Java servlet.  If altered, you must restart the ExtraView server for the new value to be recognized
AUTO_SIGNOFF_ON_USER_EXIT NO YES or NO to sign off user if the user closes the last ExtraView window, or navigates to another site. If NO, the session cookies remain and the user can press the browser Back button to go back to their ExtraView session. If YES, the user’s session is terminated when they navigate to another site or close the ExtraView window.If your installation is being used as a remote site with OAuth2 tokens being granted to users on other sites, the valud of this setting should be kept as YES.  This is a security precaution which prevents the small possibility of a user being able to access the site for some period of time after their account is deactivated.
CACHE_COHERENCY_POLL_TIME The number of seconds between updating cached metadata information within the server. This setting provides a compromise between between performance and up-to-date information being available across all nodes of a multi-server environment, and across different sessions within a single application server environment. The longer the cache interval, the higher the performance of the server, but the increased likelihood that a user will access stale information within the server cache. The default if you do not enter a value is 5 seconds. If you change metadata often on an installation with clustered application servers, the recommendation is to keep this value at 5 seconds so that any metadata change is propagated promptly to all the application servers and sessions. If you change metadata rarely, or the metadata is only changed on a staging server and then propagated to a production server, you can consider extending the time
CLIENT_IP_ADDRESS_CHECK YES YES or NO to check or ignore that the client workstation maintains a constant IP address during a session. Usually YES, but may need to be set to NO if your server is accessed via a proxy server
CONFIDENTIALITY_MESSAGE This setting allows the administrator to create a system-wide confidentiality statement that appears at the bottom of most screens and reports.  This statement may be up to 4,000 characters in length and may contain valid HTML
DEFAULT_TIMEZONE America/Los_Angeles This time zone will be used as the default for all new users who are created. Please make sure the time zone is spelled correctly. You can consult the Appendix on Time Zones for a list of valid time zone
ENABLE_TWO_FACTOR_AUTH NO When this setting is YES, ExtraView will require a second level of authentication before allowing the user access to their account. This second authentication factor is via an email sent to the user with a verification code that must be entered before the user enters their account.Note that the SYSTEM and ADMIN accounts bypass two factor authentication.  This allows an administrator to still gain access to the system when some features of ExtraView, such as email notification, are inoperable.
ENABLE_DEVICE_VERIFICATION NO This is used in conjunction with the ENABLE_TWO_FACTOR_AUTH setting.  When this setting is set to YES, then a user has an option to remember that they have used that computer and internet browser combination to previously connect to ExtraView.  If this is not so, they will be sent an email with a verification code and they are asked whether they should be remembered in that browser on that computer.  Note ENABLE_TWO_FACTOR_AUTH must also be set to YES.  Also note that if the user clears their browser cache, the user will need to verify themselves again the next time they sign on.Note that this setting is bypassed if the BatchMail task is not running.
ENHANCED_SECURITY NO This setting provides password access to the User Accounts Maintenance screen for enhanced security
KEEPALIVE_INTERVAL_SECS 300 This is the number of seconds between polling operations from the add or edit screen. This timer is used to send a message from the user’s browser to the server, to allow the server to keep track of users with open add or edit sessions. If the user closes their browser or navigates away from an add or edit page, then the server will be able to recognize this event.
KEEP_FAMILY_SESSIONS_TIMEOUT NO If this behavior setting is NO, then each window that opens a new session within ExtraView will set up its own measurement against SESSION_EXPIRE_TIME_HOURS. If this is set to YES, then all sessions in all windows will share a single SESSION_EXPIRE_TIME_HOURS. The NO value provides for more efficient memory utilization on the server, but may lead to unexpected session timeouts of ExtraView for individual users, when they operate with a significant number of open windows
KEY_STORE_ID This setting is the entry name used for access to the keystore which contains the certificate with the credentials for SAML. If used, the default value is SPKey
LICENSE_USAGE_WARNING 90 This should be a decimal number. It will be interpreted as a percentage. When the number of concurrent licenses consumed exceeds this amount, ExtraView will send an email to the administrator to warn them of this event. If the number of concurrent licenses is 10 or less, then the email is sent only when a user is denied access because of no availability of licenses. If the setting is zero, then this warning is not generated
MAX_SIGNON_ATTEMPTS 3 The maximum number of consecutive failed sign on attempts allowed by an individual user before their account is disabled. The number of failures is measured in the period defined in SIGNON_PERIOD_MINUTES. Note that all users who have the administrator role defined by the setting ADMIN_OVERRIDE_ROLE are notified by email when a user’s account is disabled. Note that if you are using custom authentication, then MAX_SIGNON_ATTEMPTS is not operative.
MAX_SIGNON_ID IP_ADDR Use a setting value of either USER_ID, IP_ADDR or BOTH. This setting configures the administrator warning about a user attempting to sign on more than MAX_SIGNON_ATTEMPTS, to recognize each attempt as originating from the entry of a specific USER_ID, or originating from a single IP Address, or originating from a combination of both.
NOSPILL_SESSION_COUNT 500 Two numbers control the number of sessions that can reside in memory at any one time:

  • SPILL_SESSION_COUNT
  • NOSPILL_SESSION_COUNT

A session is created in memory in response to a login by a user or as a “sub-session” of some previously created session. These sessions require memory resources to maintain the context of individual users “conversations” with ExtraView. When the number of sessions gets too large, they threaten the continued ability of the system to operate by consuming too much resource such as memory; therefore, there is a mechanism to “spill” old sessions to disk and retrieve them only when they are needed. When the number of sessions in memory reaches or exceeds the NOSPILL_SESSION_COUNT, the “oldest” sessions are written to the database and removed from memory. In this context, the “oldest” session is the one that has not been touched by some user action for the longest period. The writing of the session data to disk occurs as a background task and does not directly affect the creation or utilization of sessions that are in memory. Responsiveness is affected only when a disk-resident session is invoked by some user activity that requires a short delay to “de-serialize” the session and reconstitute it in memory from the database. When the number of sessions in memory reaches the SPILL_SESSION_COUNT, the in-memory session cache is “full” and new session requests must wait for older sessions to be written to the database. In this case, there is a direct effect on responsiveness while the user waits for old sessions to be written and in-memory session slots to be made available. Often, this delay is not noticeable. Another way of looking at it is that the system is in one of three states at any one time: (N_SESSIONS is the number of sessions in memory)

  1. Non-spill state: N_SESSIONS < NOSPILL_SESSION_COUNT In this state, no sessions are written to the database and new sessions are created directly in memory.
  2. Spill state: SPILL_SESSION_COUNT > N_SESSIONS >= NOSPILL_SESSION_COUNT In this state, a background task is writing the oldest in-memory sessions to disk, and new sessions are created directly in memory without any delays.
  3. Full state: SPILL_SESSION_COUNT <= N_SESSIONS In this state, a new session creation request will be delayed until at least one old session is written to disk to free a “slot” for the new session.

Note that NOSPILL_SESSION_COUNT < SPILL_SESSION_COUNT in all cases. If the behavior settings do not adhere to this invariant, the default values (480 / 500) will be used. Note also that these behavior settings must be set when ExtraView is started, and they are not inspected after startup. If they are changed, a restart of the ExtraView application server is necessary for them to take effect.

PASSWORD_EXPIRE_TIME_DAYS 0 This is the number of days which a user’s password will last, before it automatically is expired. Every time this number of days elapses, the user will be prompted to create a new password when they next sign on. If this setting has a value of zero, passwords will never expire. Note that if a user is created when the value is zero, and this setting is then changed from zero to any number, then existing users passwords will never expire. The administrator will then need to set a new date for the expiry in the users accounts.
PASSWORD_FORGOTTEN YES When this is set to YES, then a prompt “Forgotten Password?” appears on the sign on screen and users will be able to reset their password without intervention from the administrator
PASSWORD_REUSE_DAYS 0 This is the number of days that must go by before a password can be reused, after it is changed. The default value of zero disables checking for reused passwords.
PASSWORD_RULES 0,0,0,0[,0] PASSWORD_RULES has four or five numbers separated by commas.The first number is the minimum number of characters required to compose a valid password. The default is 0, which indicates that passwords may be of any length.The second number is the minimum number of numeric characters. Numeric characters have values between 0 and 9. The default is 0 which indicates that passwords need not contain any numeric characters.

The third number defines the minimum number of characters in upper case. Upper case characters have values in the range A to Z. (All passwords are case sensitive.)

The forth number is the minimum number of non-alphabetic and non-numeric characters. These are characters that are not in the ranges of 0 – 9 and a – z and A – Z, but are valid characters to store in a password. Double-byte characters are not allowed, but characters such as -, =. +. !, @, #, $, and % are allowed.

The fifth, optional number defines the minimum number of alphabetic characters that must be entered.  Any upper or lower case alphabetic characters satisfy this requirement.

REAUTH_REDIRECT_PARAM After the re-authentication with a status signature, this is the URL and parameter that ExtraView will go to
REAUTH_URL When performing a re-authentication with status signature rules, this is the URL that will perform the re-authentication
SECURITY_CACHE_MINUTES 30 Number of minutes before refresh of session security cache. If you alter security permission settings and do not wish to wait for this cycle to complete to automatically refresh the settings, you can sign off and sign on again
SESSION_EXPIRE_TIME_HOURS 24 Maximum session idle time in hours, the session data for a user is kept. After the period set in USER_EXPIRE_TIME_HOURS and before the value of this setting, ExtraView will attempt to restore a user’s data when their session has expired. Beyond the time specified in SESSION_EXPIRE_TIME_HOURS the data will be lost. If the value of this setting is less than one minute or 0, then the session data will be kept permanently until the server is restarted. This is not recommended.
SESSION_MONITOR_POLL_SECS 300 This is the number of seconds between periodic tests from the server, for session removal due to user expire time activity. The server will test to see if the user still has an open session at this interval. This is only used if USER_TIMEOUT_SESSION_REMOVAL is YES. and if the user’s browser has not reported to the server that a session is still active with the KEEPALIVE_INTERVAL_SECS timer.
SESSION_NAME_EXPIRE_TIME_HOURS 24 This is the session expiry period measured in hours for a user who occupies a named user license and who remains idle. Note that this is different from the period for users who occupy a concurrent license. Their expiry period is defined in the behavior setting named SESSION_EXPIRE_TIME_HOURS. After the period set in USER_EXPIRE_TIME_HOURS and before the value of SESSION_NAME_EXPIRE_TIME_HOURS , ExtraView will attempt to restore a user’s data when their session has expired. Beyond the time specified in SESSION_NAME_EXPIRE_TIME_HOURS the data will be lost. If the value of this setting is less than one minute or 0, then the session data will be kept permanently until the server is restarted. This is not recommended.
SESSION_WARNING_INTERVAL_SECS 0 This setting works in conjunction with SESSION_WARNING_TIME_SECS. When the idle time for a user reaches SESSION_WARNING_TIME_SECS before the expiry time, the user will see a message on their screen warning them of the impending session expiry. This warning will repeat every SESSION_WARNING_INTERVAL_SECS until the expiry time, when the session will finally expire. If the user takes some action to submit the form on the screen to the server during this process, the timers are reset and the user session remains active. A value of zero means that no repeat warnings will be given.
SESSION_WARNING_TIME_SECS 0 This setting works in conjunction with SESSION_WARNING_INTERVAL_SECS. When the idle time for a user reaches SESSION_WARNING_TIME_SECS before the expiry time, the user will see a message on their screen warning them of the impending session expiry. This warning will repeat every SESSION_WARNING_INTERVAL_SECS until the expiry time, when the session will finally expire. If the user takes some action to submit the form on the screen to the server during this process, the timers are reset and the user session remains active. A value of zero means that no warning of an impending session expiry will occur.
SIGNON_PERIOD_MINUTES 5 Once a user fails to sign on because of an invalid password, they will be allowed to make a total of MAX_SIGNON_ATTEMPTS in this period. Note that all users who have the administrator role defined by the setting ADMIN_OVERRIDE_ROLE are notified by email when a user’s account is disabled
SPILL_SESSION_COUNT 1000 Please see the entry for NOSPILL_SESSION_COUNT
SYSTEM_LOG_EXPIRE_TIME_DAYS 30 This is the number of days of history in the system log and the user signon log that information will be kept before it is purged from the system. The default is 30 days but you may increase this if you want to retain the information for longer periods. Stale information is purged from the log each time you access the logs, but if this setting is changed before you access the logs, then the information is retained.
USER_EXPIRE_TIME_HOURS 8 Description – This is the time in hours for which a user will remain signed in to ExtraView, when his computer is idle. ExtraView recognizes a user as still active when an action causes the user to access the server. When a user’s session expires, ExtraView will ask the user to sign in again, and will attempt to restore any data being inserted or updated, and take the user to the point where they were working. Note that the ability to restore data is only enabled for the period specified in the setting named SESSION_EXPIRE_TIME_HOURS. For this reason, SESSION_EXPIRE_TIME_HOURS should always be equal to or greater than USER_EXPIRE_TIME_HOURS. If the value of this setting is less than one minute or 0, then the session will not time out.
USER_TIMEOUT_SESSION_REMOVAL NO The value of YES implies that sessions are killed after USER_EXPIRE_TIME_HOURS of inactivity, unless the user has sessions that remain active in the add or edit screen mode. NO implies that these sessions are not killed after this period of inactivity. The user’s browser is checked by the server every SESSION_MONITOR_POLL_SECS to see if the ExtraView session is still active.