11 Replies Latest reply on Feb 27, 2017 11:25 AM by Jeff Strauss

    Session expired

    Veronica Simoes

      Hello Support Team,


      I am using thrusted authentication and i would like to expire a session one minute after idle.

      Anybody knows what tabcm option we can use ?



        • 1. Re: Session expired
          Jeff Strauss

          there is no tabcmd to expire a session.  Why do you want to do this?


          - Tickets my understanding are one time use.  (i.e. each new report rendering needs a new ticket).  Somebody correct me if I'm way off on this...


          - The session is  controlled by tabadmin global setting with a default of 4 hours.  Changing the User Session Timeout | Tableau Software

          • 2. Re: Session expired
            Veronica Simoes

            Hi Jeff,


            Sorry ..tabadmin.

            I decrease the session timeout, but didn't kill the session.


            Any idea ?

            • 3. Re: Session expired
              Jeff Strauss

              what did you decrease it to?  And why do you want to kill sessions?  They don't take up much in the way of resources.

              • 4. Re: Session expired
                Jeff D

                Jeff, FYI tickets are not one-time use (unless you use them incorrectly ;-)

                • 5. Re: Session expired
                  Jeff Strauss

                  I'm just getting around to testing out multiple uses of trusted tickets.  The first time I use it, the dashboard successfully renders.  The second time I use it, I get the following error.


                  I know the wgsession sticks around, but don't think the trusted ticket sticks around.  I still think it's 1-time use...

                  • 6. Re: Session expired
                    Jeff D

                    Hi Jeff, there are two different things going on here.


                    You originally said: Tickets my understanding are one time use.  (i.e. each new report rendering needs a new ticket).


                    Tickets can only be redeemed once, so in that sense they're one-time.  However, when you redeem the ticket, you get a session, and the session provides access to see as many views as you want, until you are signed out.


                    When I said "incorrect use", I was referring to redeeming the ticket each time you want to load a view.  This is a common mistake people make when getting started with trusted authentication.


                    Hope that clarifies things!

                    • 7. Re: Session expired
                      Jeff Strauss

                      I don't understand.  What is the common "redeeming the ticket" mistake when tickets are only able to be redeemed once?

                      • 8. Re: Session expired
                        Jeff D

                        For a given user, the mistake is to redeem a ticket for every view.  If your flow redeems a ticket that's already redeemed, you'll get an error (as you demonstrated above).  If your flow requests a new ticket each time, this will work, but it is unnecessary.

                        • 9. Re: Session expired
                          Jeff Strauss

                          I think what you're saying is:  If a ticket has already been requested, but not yet redeemed, then just use this ticket instead of requesting a new one?

                          • 10. Re: Session expired
                            Jeff D

                            You normally request a ticket at the time you need it (a ticket must be redeemed within a few minutes).


                            Here's the workflow: a user asks your web server to see a view.  Your web server requests a ticket from Tableau Server, then sends the URL back to the user.  The url contains the ticket and the view.  After the browser does a HTTP GET with that url, the ticket is redeemed and a redirect is performed to retrieve the view.


                            Ticket redemption means that a session cookie is set and the user is effectively logged into Tableau Server (although it's a restricted login -- unless unrestricted trusted tickets are being used),


                            This workflow described here: How Trusted Authentication Works


                            What this doc doesn't explain well is what happens afterwards.  If the user wants to see another view, they can request that view directly, without going through your web server and without requesting another trusted ticket.


                            Does that make sense?

                            1 of 1 people found this helpful
                            • 11. Re: Session expired
                              Jeff Strauss

                              Yes.  This makes absolute sense now.  Thanks for the explanation.  And now that you say this, I do recall testing the redeem of the ticket, the session being created, the cookie syncing up to the session, and then all future requests for the session don't require a new redeem of the ticket.  This was a couple years ago when I did the testing, and that knowledge must have escaped me