session-timeout

We are running a vendor-supplied webapp in Tomcat 5.5 using the StandardManager for sessions (in memory). As sessions can get quite large (20M+), running out of heap space is a serious concern. Users want to keep sessions around for a couple of hours if possible but would rather evict sessions than run out of heap space. It does not appear that the vendor properly implemented Serializable in session'ed objects, so switching to the persistent session manager implementation isn't an option. Tomcat allows one to set a maxActiveSessions property that will restrict the overall number of sessions in

My php session is set to expire when user closes the browser but I noticed that if I leave my browser open for an extended period of time (24+ hours for example) the session still persists. Is there a way that I can have these sessions expire either when the browser is closed or when some extended period of time has transpired? The solution might be to set data via ini_set('session.gc_maxlifetime', <lifetime in seconds>); Of course if it's possible to change config via PHP. Otherwise you wil need to set proper values in your php.ini : ini_set(‘session.gc_maxlifetime’,30); ini_set(‘session.gc

I am having issues with frequent Session Time Out. I want to write a common filter that I could use on each controller, filter should redirect the user to login and after log in back to from where user sent the last request. You could try something like this: public class SessionExpireAttribute : ActionFilterAttribute { public override void OnActionExecuted(ActionExecutedContext filterContext) { base.OnActionExecuted(filterContext); } public override void OnActionExecuting(ActionExecutingContext filterContext) { if (filterContext.HttpContext.Session != null) { if (filterContext.HttpContext

I have an asp.net application which is currently using forms authentication with slidingExpiration="true". In web.config, we have the following: <authentication mode="Forms"> <forms loginUrl="Mylogin.aspx" timeout="15" slidingExpiration="true"/> </authentication> This is all to spec: There is a sliding 15 minute expiration. However, we now have a new security requirement: Users must re-authenticate every 24 hours, even if they have been "active" the whole time. In other words, even if you clicked a link in the site every minute for 24 hours straight after logging in, after 24 hours, you will

Scaling out web application through multiple instances is one of biggest advantages of azure cloud. To achieve multiple VMs support for our web-role cloud application we are implementing Azure Redis Cache. We are using RedisSessionStateProvider provider for maintaining session state. Following are the configuration settings for session management within web.config file. <authentication mode="Forms"> <forms loginUrl="~/Login" slidingExpiration="true" timeout="20" defaultUrl="~/Default" /> </authentication> <sessionState timeout="20" mode="Custom" customProvider="MySessionStateStore"> <providers