You can set the following time-out options for the server (
):The logon sequence time-out setting applies to both a client and the server configuration. This is the amount of time the client has to make the connection to the Server. If this time expires and a connection was not made, the user must try to log on again.
You use the Logon sequence timeout option on the Configure Server tab to set the logon sequence time-out value. This operation can be performed only when the server is running.
The inactivity time-out is a security feature that automatically logs users off when they have been inactive for the length of time specified by the administrator. If a client has no communication (either automatic or manual) with the server configuration for that length of time, the server drops the connection. If the user's session has no other server connections, the session is deleted from the server. If the user has a concurrent license, that license is automatically returned to the pool of concurrent licenses. The user must then do a full login to reconnect.
You use the Inactivity timeout option on the Configure Server tab to set the inactivity time-out value. To allow named users (that is, users with a fixed license) to remain logged on even if they exceed the inactivity time-out limit, administrators can select the Exclude named users option after selecting the Inactivity timeout option and entering a time-out value.
Even if an inactivity time-out value is set, users will not time out if their system notifications are set for a period of time that is shorter than the inactivity time-out. For example, suppose a user has notification set to automatically check for new change requests every ten minutes and the inactivity time-out is set for 60 minutes. In this case, because of automatic communication between the client and the server, the user will never time out.
If a client loses its network connection, users are disconnected from the server. The reconnect time-out option determines the amount of time the client has to reestablish the connection. The client attempts to reconnect only if the user is trying to send a command to the server. A reestablished connection contains the full context of the lost connection.
If the client successfully reestablishes its connection to the server within the window of time set in the Reconnect time-out, users can simply continue working in the application. They do not have to close their projects, log in again, and reestablish their view settings. However, if the Reconnect time-out has expired, you must either close the client, or log onto the server again.
You use the Reconnect timeout option on the Configure Server dialog box to set the reconnect time-out value. The reconnect time-out can be changed only on a server that is running. It does not work when the server has been restarted.
When setting the Inactivity timeout, set it to a value greater than the Reconnect timeout. Otherwise, if the Reconnect timeout and the Inactivity timeout are both enabled and the Inactivity timeout is shorter, the user is logged off before the client can reestablish the connection. That is, if the Reconnect timeout is longer than the Inactivity timeout and both are turned on, then the Inactivity timeout acts before the Reconnect timeout time period has expired.
You can increase the security of your projects by entering a logon failure setting and duration. One cause of logon failure is hackers trying to figure out passwords for users. In such cases, you should consider changing the IP address of the system to make it more difficult for attackers to locate the server configuration and repeat their efforts. You may also want to change the user names of all users in the system.
You choose Logon failures tab to specify how to handle logon failures and the length of a lockout if one is applied. You can also specify that the server configuration notify members of the Security Administrators group by email about logon failures and lockouts. This operation can be performed only when the server is running.
and then use theIt is possible for any user, even users with an administrative account, to be locked out of a server configuration when the number of retries with the wrong password has been exceeded. The lockout period for the main administrative account (Administrator) is 24 hours. However, you can unlock the administrative account before the 24 hours have elapsed (see Reactivating Administrative Accounts.)