Session Expired¶
As a matter of basic system security, Volgistics sessions expire after a period of approximately 60 minutes of inactivity. Not all activities in Volgistics interact with the database so there are cases where you may be working, but the system will see you as inactive. For example, if you're composing a long email message or tagging a large group of volunteer records, the system will see you as inactive because the activity you're engaged in does not send any information to or from the database.
To protect you from accidental automatic sign-outs, a warning box similar to the one shown below will pop-up when you have approximately 10 minutes before the session expires:
If you're still working with the database when you see the warning box, simply perform an action where you will send or pull information from the database. For example, if you are composing an email message, click the Save Draft button. This will reset the timer and then you can re-open the message and begin working on it again. Or, if you are tagging volunteer records, select Schedule from the menu. This will make a call to the database which will reset the timer.
If the system still does not sense activity for the session after the 10 minute warning box appears, the session will be closed to protect the account's information. In this case, a warning box like the one shown below will appear:
The operator will also get a Session Expired message when they try to perform an action that interacts with the database. If the session has expired, the user can continue working by clicking the log in again link at the end of the Session Expired message and re-entering their credentials on the Login page.
A Session Expired message can also appear if System Operator login credentials are shared between two people and the second person logs in while the first person is already using the system. Because there can only be one session at a time for each operator, the second person cannot login until the session is closed for the other person using the shared login name.
In this case, the second person attempting to login will see a Session in use message. If this person clicks Continue, they will be able to login but the other person's session will be closed. This will cause the operator who was already logged in to see the Session expired notice. If the second person clicks Cancel, the person who was already logged in will be allowed to continue working.
Can I Prevent My Sessions From Expiring?
The Volgistics feature that closes idle sessions after 60 minutes prevents open sessions from posing a security vulnerability. It is a requirement of many security standards, and meets best practice standards for security. For this reason there is not a way to disable this feature or set an account to permit a longer period of session inactivity. If a System Operator knows they are going to be away from the system for more than a few minutes, we recommend they save the page they are working on before leaving to avoid losing any work.
You can optionally disable the alert messages warning that the session will be expiring on an operator-by-operator basis. However, this will not prevent the session from expiring. It will only prevent the alert messages from appearing.