Currently, the AccessTokenExpireSeconds controls both 'x' and 'y' seconds, where 'x' is the number of seconds an active session is open/connected, and 'y' is the number of seconds the Access screenconnect.client.exe is a valid link to open a session, making it active.
We would like to split this into two separate configuration settings, something as such:
AccessTokenExpireSeconds controls 'x', or the length of time an session is allowed to be active/usable
ClientExeExpireSeconds controls 'y', or the length of time the screenconnect.client.exe is allowed to join or create the session; an alternative is to allow single-use-only, or run once; another alternative is require to authenticate back use SC credentials each time the EXE is run
If the client EXE expires (based on 'y' amount of time), a user should be allowed to login to the SC server, and re-download it, thus, resetting the ClientExeExpireSeconds counter. Ideally, I would be setting this to something short, like 30 seconds. This reason for this is for security purposes. As of now, if a user is on a public computer using SC to login to their remote machine, that EXE will stay active 'x' amount of time, which is 24 hours by default, I believe. That user may only be in the active session for 10 minutes, but the EXE is available to other unknown people after the user has stopped using the computer, which can possibly gain unauthorized access.
Having the EXE itself expire quickly should remediate this.
Customer support service by UserEcho