We have implemented SSO on our hybrid app however we want to set it so after a set time period the user has to re-authenticate. We have changed the run time settings EnableKeepAlive to false and com.mendix.webui.HybridAppLoginTimeOut to 10 minutes. We can see that the active session is being removed after the app is not used for the 10 minutes(+ cluster manager interval time) however when the app is then opened again the user does not have to re-authenticate and it goes straight to the homepage. We believe this is because the token information for the user is not being removed or set to expired as when we manually delete this and then reopen the app it requires log in.
Thanks for the help.
Did you also set the SessionTimeout setting?