How do I increase the session timeout in AuthAnvil Password Server?

The user session in AuthAnvil Password Server is managed in 2 locations:  IIS settings and the web.config file.  To modify the session timeout and allow a user to stay logged in for an extended period of time even when inactive, the session settings will need to be updated in both places:

(Note: This modification takes place at the website level in IIS.  All of the .NET applications on the same site as AuthAnvil Password Server will have their session timeout adjusted similarly.)

Update Session Settings in IIS (7 or later)

  1. Open the IIS Manager on the server where AuthAnvil Password Server is installed.
  2. Click once on the web site where AuthAnvil Password Server is installed to select it.
  3. Double-click on Session State to open the session settings.
  4. In the "Cookie Settings" section update the Time-out (in minutes) to your preferred session timeout.
  5. Click Apply to save the changes.


Update Session Settings in AAPS web.config

  1. Open the file at C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config.  (You may need to "Run as Administrator" to elevate notepad)
  2. Scroll down until you see a section that reads:
    <setting name="SessionDuration" serializeAs="String">  <value>20</value></setting>
  3. Update the value from "20" to reflect the same timeout as in the Session State in IIS.
  4. Save the web.config file.

Your session timeout for inactive users in AuthAnvil Password Server should now reflect the value defined in IIS and the web.config file.  

Password Server v2.7

If you are using Password Server v2.7 please download and apply the following hotfix AAPS_HotFix.exe. This hotfix included a fix to respects session timeout set in web.config.

Note: The hotfix is attached to this article


Alternative Solution

If your goal is to prevent users from having to log in multiple times a day, we recommend using AuthAnvil Single Sign On.  Using your Two Factor Auth token, you can authenticate to the SSO portal and have one-click access into your personal AuthAnvil Password Server login.  The SSO Portal session stays open for a default of 8 hours (480 minutes).



If you have any questions or need some help, we would be happy to assist. Open a case at or send an email to


Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section