Hi,
I'm developing an Access Web App which is hosted on Office 365 SharePoint, which will contain some sensitive data. I want the session to time out after 15 minutes of inactivity ideally, but I'd be willing to settle for a facsimile thereof.
Firstly on SharePoint online the timeouts for sessions are as per the article here: https://support.office.com/en-gb/article/Session-timeouts-for-Office-365-37a5c116-5b07-4f70-8333-5b86fd2c3c40?ui=en-US
As you can see it's currently at 5 days on SharePoint.
Normally on a internal SharePoint server, you would be able to connect via PowerShell and update the timeout period to suit. On SharePoint online this setting is not exposed to end users (probably due to the shared nature of the service).
I can workaround this on SharePoint pages by adding some scripting to the master page templates, which simply sets a timer and redirects the page to the logout URL after a set period.
On the Access Web App however, it does not use the SharePoint page template, and it is not possible to edit the page that it does use (unless I can be corrected?), therefore this method is not workable.
I have also tried:
- Displaying a page from the SharePoint site in an iframe on the Access Web App. The iframe settings however prevent redirecting the parent (or top level) page.
- Displaying the whole web app in an iframe on the SharePoint site. This is prevented by the Web App, and I know of no way to opt back in to allow framing. The only question I could see relating to this was on TechNet but had received no responses: https://social.technet.microsoft.com/Forums/office/en-US/56985117-b745-4ecd-b24e-0c32d4a3529c/how-do-i-add-my-access-web-app-into-a-iframe-on-a-site-page?forum=sharepointgeneral
As far as I know there is no timer function directly on Access Web Apps, therefore I'd have to create a last activity record through monitoring every click in the app. If I were to do this, is there any way to redirect the webpage from within the app?
Otherwise, is there any other method I can use to time out the session, or make it function as if the session had timed out? Am I missing any other tricks here? Alternatively if this is a common issue and there is definitively no solution, please can someone put me out of my misery?!
I hope this is the right forum for this question. Please feel free to move or notify me if I'd get a better response elsewhere.
Thanks in advance!
Mat