AnsweredAssumed Answered

When user session will timeout

Question asked by Kodandasai on Jun 13, 2017
Latest reply on Jun 14, 2017 by Kodandasai

Hi Everyone,

 

If I have an active smsession for a protected resource and I am keep on refreshing the page, will my session be valid forever? Is there any specific time after which user session will timeout and user will be forced to login irrespective of whether he is idle or not? If so based on what parameter this timeout will be triggered? Can we modify that parameter?

 

Here I am looking for a particular scenario which goes like this.

Policy configuration - Agent has max session cache size enabled to some 3000.

I logged into the application and captured the SMsession using browser debug tools.

I logged off from application.

I replayed the session immediately and since web agent has session cache enabled, request got served from cache and it is successful.

Now I am simply refreshing the application with this replayed session.

 

How long I will be able to do that?

Is there any parameter to control that behavior.

What counter measures I have here apart from making max session cache size to zero. 

Outcomes