Announcement Announcement Module
No announcement yet.
Period of inactivity Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Period of inactivity

    How can I specify / code that a user that has been inactive for a certain amount of time needs to be re-authenticated ?

    I know there is a timeout for the user cache, but to my knowledge that is independant on whether the user has been online and does not represent the user a login screen.

  • #2
    there is the normal session timeout that is configurable in the web.xml


    • #3
      Thanks Scott. Sorry I didn't think of that :oops:
      It wasn't exactly what we were looking for (both a password expiration and a session timeout in mind) but it satisfies enough (there is a scalability benefit of having a session timeout = password inactivity timeout).


      • #4
        What do you mean password expiration? Maybe I didn't follow what you meant the first time For our purposes here the session timing out is suffcient since it forces reauthentication (I've tested this since I've left my desk and come back and been like hey why do I need to log back in ;-))

        I think Acegi keeps the Authentication object in the session so if the session expires then technically there is password expiration (if I understood what you meant). I may be wrong on this though.