Post
Ask Question

SharePoint ECB Menu Refresh In Federated Authenticated Site

In this article, we look at how to solve the ECB menu refresh in the federated authenticated site.
 
Note 1
 
This issue is only for federated authentication and not for Windows Authentication mode.
 
Note 2
 
In our scenario, LogonTokenCacheExpirationWindow is 9 minutes and ServiceTokenCacheExpirationWindow is 10 minutes. So, the popup holds good for 1 minute.
 
In federated authenticated site, ECB menu of an item (List or Library) refresh depends on the lifetime difference between LogonTokenCacheExpirationWindow and ServiceTokenCacheExpirationWindow. By default, it is 10 minutes for both and hence when the ECB menu is clicked the second time after the page loaded, the popup won’t appear. The issue here is the popup must make an AJAX call which expires because the cache is already expired.
  • Select an item under any app in SharePoint and click on the second level ECB Menu (For example click “…” of any document and then again click “…”, as shown below – marked in green color). 

  • For the first time, it opens fine and if you leave the page and don’t do any user action for more than 1 minute (in our case) this depends on LogonTokenCacheExpirationWindow Expiration and SecurityTokenCacheExpirationWindow.

  • In our case, LogonTokenCacheExpirationWindow is 9 minutes and SecurityTokenCacheExpirationWindow is 10 minutes. Hence, the popup holds good for 1 minute and after that, it needs to reauthenticate and hence it is not reloading.

  • The 2nd level ECB menu makes AJAX call and hence page is not refreshing for the federated authenticated sites.

  • If the 2nd level ECB (…) is clicked after 1-minute popup doesn’t reload. (In F12 mode, you could see the error as mentioned below).
Solution
 
Update the LogonTokenCacheExpirationWindow to 1 minute using the below command.
  1. $logontime = Get-SPSecurityTokenServiceConfig  
  2. $logontime.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 1)  
  3. $logontime.Update()  
Now, the cache expiration difference between ServiceTokenCacheExpirationWindow and LogonTokenCacheExpirationWindow become 9 (10-1 = 9 minutes).
 
This makes sure the second level ECB menu loads properly as shown below,