"Your session has expired" error message in Office Online
Symptoms
Users receive a "Your session has expired" error message in Microsoft Office Online after 15 minutes.This error may occur when they do one or more of the following actions:
- Locate a document library in Microsoft Edge
- Open documents from OneDrive for Business or SharePoint Online libraries in Office
- Open documents from OneDrive for Business or SharePoint Online libraries in Office Online
Cause
If you're a tenant administrator and you begin IP address enforcement for OneDrive for Business in Microsoft 365, this enforcement automatically activates a tenant parameter that's called IPAddressWACTokenLifetime. The default value of the IPAddressWACTokenLifetime parameter is 15 minutes.
You can determine whether you're using IP address enforcement in the following two ways:
- See whether the Allow access only from specific IP address locations check box is selected in your OneDrive admin portal (https://admin.onedrive.com/?v=AccessPolicySettings).
- Check if the IPAddressEnforcement parameter value is set to True. To do this, follow these steps:
Download and install SharePoint Online Management Shell.
In the SharePoint Online Management Shell module, connect to the SharePoint Online admin center by using the Connect-SPOService cmdlet. For example, run the following cmdlet:
Connect-SPOService -URL https://contoso-admin.sharepoint.comRun the following cmdlet to check the IPAddressEnforcement parameter:
Get-SPOTenant | fl
Resolution
To resolve this issue, change the IPAddressWACTokenLifetime parameter value through the SharePoint Online PowerShell module to extend the lifetime of the token. To do this, run the following cmdlet.
Note
The IPAddressWACTokenLifetime parameter is valued in minutes.
Set-SPOTenant -IPAddressWACTokenLifetime <integer value in minutes that's greater than 15>
For example:
Set-SPOTenant -IPAddressWACTokenLifetime 20
For more information, see the following articles:
More Information
After you authenticate any application in SharePoint Online, the application is issued an access token. In a default setup, any access token that's issued by SharePoint Online is valid for about 8 hours. This behavior minimizes users getting prompted for credentials during a usual workday because of tokens expiring.
When you use IP address enforcement, it directs SharePoint Online to greatly reduce the time-out of the tokens that are issued to Office Online specifically.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for