we use Grafana to continuously display certain frequency, voltage, current and calculated values on a display board. However, after a while the Grafana session disconnects and returns to the OpenHistorian login/password screen. I’ve modified the following parameters in the D:\openHistorian\Grafana\conf\custom.ini file ; and then restarted the openHistorian service :
The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation (token_rotation_interval_minutes).
login_maximum_inactive_lifetime_days = 1M
The maximum lifetime (duration) an authenticated user can be logged in since login time before being required to login. Default is 30 days (30d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month).
login_maximum_lifetime_days = 1M
How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
token_rotation_interval_minutes = 1000
However, the session continues to automatically disconnect after much less than this specified 1 month duration of inactivity.
Could you please tell me where to specify this timeout parameter so that the session could be maintained ‘up’ ?
Thank you very much
Have a nice day,
It seems to be a Grafana 9.x bug : Grafana Login Timeout (v9.2.0) · Issue #56994 · grafana/grafana (github.com)
I’ll try to update it from actual 9.1.5 when the fix will be released in a new Grafana version. Hope it’ll be compatible with my actual OpenHistorian version ( 2.8.249).
Edit : I’ve upgraded the Grafana version by copy/paste from 9.1.5 to the actual latest 9.4.7 and it seems to work fine : no uncompatibility or issues detected with my dashboards at first sight.
On the Grafana labs’ Github, a fix seems to have been pushed/comited today ; so the next version of 9.4.x should resolved the bug. I’ll test it when it 'll be released and tell you the result.
Thanks Stephane - we will keep an eye out for the new release…
Along these same lines, you might try changing a few of the user time parameters in the openHistorian (OH) configuration, especially since OH is responsible for authentication.
One parameter is the
UserCacheTimeout in the
<securityProvider> section which defaults to one minute, which is say if no user activity has been detected within one minute, it will expire user cache. You could try setting this value to a higher value. Note do not set this value too high as this will affect how long a system will continue to allow an active user to remain authenticated before checking the database again to see if user has been locked out or disabled.
Then there is the
SessionTimeout parameter in the
<systemSettings> section which determines when a session will timeout after no user activity has been detected, this defaults to 20 minutes. This one may be the most relevant to change.
Another parameter is the
SessionExpirationDays in the
<systemSettings> section. This defines the number of days before a user session token expires.
Thank you very much for your answer.
I’ve tried to modify the
SessionTimeout parameter and I’m pretty sure that it had the required effect. I’m waiting for the final operators feedback to tick it as ‘solved’ ; but it seems to going on the right way.
I put the value ‘1440’ (24h), but I wonder if it can accept something like 43200 (1 month); like in the Grafana config where you can put ‘1M’. One of the dashboards is designed to be displayed permanently on a shared main display; and I wish there was no need to have to authenticate every day to maintain this display.
The units are in minutes, you can set it to a month (e.g., 43800), or a year (e.g., 525600). As such, you could pick a time range where you know the host system would be rebooted before the session expired.
Thank you very much for your answer. I’ll try a 1 month range. Operators have confirmed that the session remains displayed ; even if they don’t interact with it.