Changing the Storefront Timeout

Going from XenApp 6.5 to XenDesktop 7.8, I made the transition from using ICA connections to the Storefront presentation for our thin client users. The problem was the Storefront sessions were timing out. Our XenApp thin clients use hardcoded passwords based on Wyse variables, so the users do not know them. Sure, a restart would log them in again, but there must be a more user friendly option.

You can, but it’s not an admin friendly way.

On the Storefront console you can change the setting for the RfWeb (Receiver for Web). One of the options on the Session Settings tab is for Session timeout.


Changing session timeout should work, but there are other hard-coded token timeout settings in the Storefront web page. To change these, we need to edit the web.config file in the IIS folder. This, by default, can be found at:


As with all config file changes, it’s suggested you keep an original file just in case you screw it up. Open in your favorite text editor and find this part:

<service id="[$uniqueString]" displayName="Receiver for Web Token Producer">
 <relyingParties signingId="[$uniqueString]" defaultLifetime="01:00:00" maxLifetime="01:00:00">
 <add id="[$string]" encipherId="[$uniqueString]" defaultLifetime="24:00:00" maxLifetime="20:00:00" />
 <trustedIssuers decipherId="_" />

The one you want to change is the maxLifetime. Change it to your needed value, in my case 24 hours.

Secondly, find:

<authentication tokenLifeTime="24:00:00" locationURL="Authentication/GetAuthMethods">
  <clear />
  <add method="ExplicitForms" />
  <add method="CitrixAGBasic" />

Change the tokenLifeTime to desired time (again for me 24 hours).

Now do the regular stuff like IISreset and you should be good.

Note, this does not alter the timeout settings for Netscaler access. That is another process that is separate from this one. So in affect, the above changes will affect only internal webpage connections. Which, should, in theory, only allow internal connection such a long timeout threshold.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s