Please enable JavaScript to view this site.

Navigation: Using ASPRunnerPro > Security

Session control

Scroll Prev Next More


Starting with ASPRunnerPro version 10.3, you can find a Session keys button on the Security screen. Click this button to open a popup containing a JWT (JSON Web Token) secret key option.


Session control

Sessions never expire


This is not a secure option. Only use it for internal apps in a trusted environment.

Sessions expire after ...


Normally sessions expire after an amount of time specified in web server settings (session timeout). The default timeout depends on the web server and usually in the range of 20-30 minutes. To avoid making global changes to web server settings you can specify session timeout for your project.


Warn user when his session is about to expire


When this option is enabled a nice popup window will be shown to the end user when their session is about to expire. This page look can be changed in the Page Designer, under Common pages -> session_expired.

JSON Web Token secret key

JSON Web Tokens are a secure, cryptographically protected way of exchanging data over the network.


In ASPRunnerPro, JSON Web Tokens are encrypted with a secret key specific to your application. If you want the users to log in only once to access all your applications, make all your projects share the same secret key.


You can enter the same JWT secret key for all your projects on the Security screen -> Session keys dialog. This allows different projects to verify each other's tokens.


Note: it makes more sense when both projects have matching usernames. In this case user will be assigned the same permissions in the second project.



Lets say you have two projects that share the JWT key. In the first project, you can create a link to one of the second project pages (and vice versa). In the Menu Builder create a new item, choose to link to the External page and check off the checkbox saying 'Link to another application that shares the same JWT secret key'. This is it.


Visit to learn more about JSON Web Tokens.


Note: we do not recommend using both PHP sessions and JWT tokens at the same time as the will be a conflict. JSON Web Tokens is a better option.

Security screen articles:

Security screen

Login form appearance

Two-factor authentication

Registration and passwords

Advanced security settings

User group permissions

Dynamic permissions

Audit and record locking


Active Directory

Facebook connect

Sign in with Google

CAPTCHA on authentication pages

See also:

Security API

Datasource tables screen

Miscellaneous settings

Page Designer

Event editor