is there a way to get around the 20 minutes limit ...
# suitecommerce
g
Is there a way to get around the 20-minute limit a user can stay idle on an SCA page? It's the #1 complaint of our customers; they keep getting logged out of our site because of this limitation.
e
There is no native way (neither custom, probably you could) but I think NetSuite is following some best practices on security stuff.
s
Short answer is no: there is no foolproof way to extend the session. We have seen some people implement “Are You Still There?” type dialogs that pop up after 15 minutes or so of idle time, and clicking ‘yes’ sends an arbitrary API call to NetSuite, thus refreshing the session. And yeah the general reason is security but also performance — you shouldn’t leave sessions idle for a long time.
g
@Steve Goldberg I understand it's for security reasons, but it's also by far the top 1 complaint we receive from our customers. I understand they expect the same behavior encountered at amazon.com, for instance, where they can stay logged in for a long time even though it may contain a lot of sensitive information. Is there a way, by chance, to make it optional at least, so we can decide how secure we want it to be? Similar to what we have for the NetSuite full license users, where we can decide for how long they can have an idle session (up to 720 hours). Also, instead of implementing the "Are You There" pop up, if I simply implement a script that does an API call every 15 minutes, would it work? Thank you so much for your help @Steve Goldberg
s
> I understand it's for security reasons, but it's also by far the top 1 complaint we receive from our customers.

We get that too. Making the change is not trivial for us and so it is an issue in the backlog that can be prioritised. It is something I have personally sat down and discussed with architects so we are aware but it is not something we are actively working on right now.

> Also, instead of implementing the "Are You There" pop up, if I simply implement a script that does an API call every 15 minutes, would it work?

The reason why we don't like this is for security reasons. You are circumventing idle session timeout which, as I said, is bad security. The Are You There popup requires an affirmative action from the user to confirm they are still active.
g
Sounds good @Steve Goldberg Thanks a lot for your feedback! Have a great week!
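
The "Are You Still There?" pattern described in the thread above, as an added example that is not part of the original thread and is not NetSuite or SuiteCommerce code. It assumes the 15-minute prompt and 20-minute idle limit quoted in the thread; `createIdleGuard`, its callbacks and the URLs in the wiring comment are hypothetical names and placeholders.

```javascript
// Added example: not NetSuite or SuiteCommerce code; all names are hypothetical.
const PROMPT_AFTER_MS = 15 * 60 * 1000; // prompt delay mentioned in the thread
const SESSION_IDLE_MS = 20 * 60 * 1000; // idle limit mentioned in the thread

// State machine behind an "Are You Still There?" dialog. It never refreshes
// the session by itself: only confirm(), wired to a real click, calls keepAlive().
function createIdleGuard({ keepAlive, showPrompt, onExpired, now = Date.now }) {
  let lastRequest = now(); // time of the last request the server saw
  let state = 'active';    // 'active' | 'prompting' | 'expired'

  // Run on a short interval to advance the state from elapsed idle time.
  function tick() {
    const idle = now() - lastRequest;
    if (state !== 'expired' && idle >= SESSION_IDLE_MS) {
      state = 'expired';   // the server side has already timed out
      onExpired();
    } else if (state === 'active' && idle >= PROMPT_AFTER_MS) {
      state = 'prompting';
      showPrompt();
    }
    return state;
  }

  // Call from the dialog's "yes" button handler only.
  async function confirm() {
    if (state !== 'prompting' || tick() !== 'prompting') return false;
    await keepAlive();     // any authenticated request; a rejection keeps the prompt up
    lastRequest = now();
    state = 'active';
    return true;
  }

  // Call when the user's own navigation or action hits the server.
  function noteRequest() {
    if (state === 'expired') return;
    lastRequest = now();
    state = 'active';
  }

  return { tick, confirm, noteRequest, state: () => state };
}

// Browser wiring (sketch; the URLs are placeholders, not NetSuite endpoints):
// const guard = createIdleGuard({
//   keepAlive: () => fetch('/keepalive', { credentials: 'same-origin' }),
//   showPrompt: () => dialog.showModal(),
//   onExpired: () => location.assign('/login'),
// });
// setInterval(guard.tick, 30 * 1000);
```

Because the refresh happens only inside `confirm()`, an unattended browser tab still reaches the idle limit and is treated as logged out.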