TechTips - How to Configure and Set a Session State for SharePoint 2007

Security is a huge deal with most organizations and their websites are usually held to a higher standard of security then most other areas in the company. Well in SharePoint 2007 a simple security setting called Session State can be set to ensure that if a user leaves the company website open and walks away from their desk, after a certain time period the session will timeout and they will be prompted to login again. This protects the user and the website from potential malicious users who might sneak in while they are away and use the user account and website for something harmful.

Now first a user shouldn't leave their computer unattended without locking it first anyway, but we all know that from time to time this will happen. No matter how many times you explain the possibility of something happening users will "forget" security protocols that are in place to protect them and the systems. So you try to help out the situation by applying one easy setting in SharePoint 2007.

The SharePoint 2007 Session state is a great way to make sure that if a user is inactive on the website for a set amount of time (meaning they probably stepped away or are on a call or some other important business) the website will log them off the website and prompt them to log back in when they return. This can aid in the protection of the users account and the website, again not 100% but it is better than allowing the session to stay active for an unlimited amount of time.

So to configure the session state in SharePoint 2007 so that it times out inactive session, just follow these steps:

Open the Central Administration Webpage

Click the Application Management Tab

Click Configure Session State Link (Office SharePoint Server Shared Services Section)

Click Check Box (to enable Session State)

Set time limit (set in minutes mine is set to 10 minutes)

Click OK

SharePoint will process your new settings and when completed it will display a message telling you it was successful. Now you can test out your website and session state by opening your website, let it sit idle for the time limit you set (10 minutes for mine) then try to access something on the page. It should tell you the session expired and that you need to log back in to get access to the site.

There are some things to think about before applying the session state time limit, you will probably want to let your users know that this is going to be put into action and let them know the time limits. If they previously would let their screen idle for long periods of time and never were prompted to login again, they might call asking why they now have to login to the page after being away from their computer. Users don't like change and might fight it but if you give them ample warning you will probably have very little push back. You will also want to make sure that the session time limit is long enough to allow users to do their daily work on the pages and isn't timing them out to quickly. I admit 10 minutes isn't very long, so you might want to adjust yours to whatever best suits your users, remember security is good but you also want to allow productivity. Too much security could hinder the productivity then it isn't worth it, you have to find a good balance.

Well I hope this guide helps you to setup your Session State time limit to time out inactive sessions and give you a little more security on your SharePoint 2007 websites.