session-timeout

问题 My php session is set to expire when user closes the browser but I noticed that if I leave my browser open for an extended period of time (24+ hours for example) the session still persists. Is there a way that I can have these sessions expire either when the browser is closed or when some extended period of time has transpired? 回答1: The solution might be to set data via ini_set('session.gc_maxlifetime', <lifetime in seconds>); Of course if it's possible to change config via PHP. Otherwise you

问题 I have an asp.net application which is currently using forms authentication with slidingExpiration="true". In web.config, we have the following: <authentication mode="Forms"> <forms loginUrl="Mylogin.aspx" timeout="15" slidingExpiration="true"/> </authentication> This is all to spec: There is a sliding 15 minute expiration. However, we now have a new security requirement: Users must re-authenticate every 24 hours, even if they have been "active" the whole time. In other words, even if you

问题 I tried to set the Session timeout for particular users using session.setMaxInactiveInterval(30*60) 30 minutes . But by default it's assigned to 86400 seconds (24 hrs). Also tried in Web.xml <session-config> <session-timeout>30</session-timeout> // Session timeout assigned for all the users </session-config> 回答1: It looks HttpSession.setMaxInactiveInterval() is not honoured by the AppEngine platform anymore (it worked in the past). You can however still specify session timeout in the web.xml

问题 I tried to set the Session timeout for particular users using session.setMaxInactiveInterval(30*60) 30 minutes . But by default it's assigned to 86400 seconds (24 hrs). Also tried in Web.xml <session-config> <session-timeout>30</session-timeout> // Session timeout assigned for all the users </session-config> 回答1: It looks HttpSession.setMaxInactiveInterval() is not honoured by the AppEngine platform anymore (it worked in the past). You can however still specify session timeout in the web.xml

问题 I've seen multiple articles like this one that explain how to detect that a user's session has timed out. And for clarity's sake, these articles are referring to the timeout value defined by this web.config line: <sessionState mode="InProc" cookieless="UseDeviceProfile" timeout="120" /> Not to get into that method too much, but this involves checking that Session.IsNewSession is true and that a session cookie already exists. But I haven't seen any articles on how to detect authentication

问题 I have a jsp servlet based application, with session time out of 30 mins, I want to invalidate the session as soon as a person closes the browser window intentionally or accidentally (OS shutdown/close from tast manager/powerdown) Can I put a check for that and invalidate the session? 回答1: It is not possible to handle this scenario . There are some browsers which provide this setting as their preference , but you can't handle this programitically. At max: You can make a poll from page(may be

问题 Is there a way in Zend Framework or PHP to get the time until the Session(PHPSESSID cookie) expires? 回答1: I don't know of any method provided by the framework to achieve this. But as soon as you know where ZF stores expiration time for its namespaces, you might be able to do something like this: $session = new Zend_Session_Namespace( 'Zend_Auth' ); $session->setExpirationSeconds( 60 ); $timeLeftTillSessionExpires = $_SESSION['__ZF']['Zend_Auth']['ENT'] - time(); 来源： https://stackoverflow.com

问题 I'm trying to write the part of my app so that it handles session timeouts gracefully, but I can't seem to control how the duration of time before a timeout occurs for testing. I am using JBoss 5.1, and I am modifying the session-config my web descriptor (web.xml) such that the session times out after a minute (just for testing) <session-config> <session-timeout>1</session-timeout> </session-config> But after creating a session by logging in, it never times out. No setting that I give it

问题 I am trying to get the JSF web front-end to redirect to back to the login page (in Spring Security) when the session times-out. I have tried using a meta-refresh approach, however this causes an undesired side-effect that the meta-refresh time will not be updated when only AJAX controls are used on the page. This means that the page may refresh while you are still using it, because you haven't transitioned to another page and only made AJAX calls to the server. I have not found a way to

问题 I have to test a web application that is written by spring and jsp. The default session-timeout for the application is 30 min. I want to reduce the session-timeout. For doing this, I have changed in the web.xml file in tomcatInstallationLocation/conf/ . But it doesn't work. The default configuration in tomcatInstallationLocation/conf/web.xml was - <session-config> <session-timeout>30</session-timeout> </session-config> Where I've just changed the time and make it - <session-config> <session