Xogle

Reputation: 363

Siteminder Max Timeout

At my place of employment, we are using CA's Siteminder to implement single sign-on for our applications. We have had issues with users "timing out" after seemingly random times and even while doing work.

Took us a while, but we finally figured it out. Siteminder has a setting called "max timeout" which basically causes the user's session to be invalidated after two hours...

I can't for the life of me figure out what the hell you would use that for?

Any ideas?

Upvotes: 0

Views: 1236

Answers (1)

Avi

Reputation: 406

The Max timeout setting is meant to ensure that any cookies that are too old are removed. Unless you are using the Siteminder session store, SM cookies are vulnerable to being stolen and then replayed. The max timeout ensures that even if a cookie has been stolen, it cannot be used for more than the max timeout, regardless of the user continuously browsing and refreshing the session.

Upvotes: 1
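The behaviour the answer describes, as an added sketch that is not part of the original answer and is not SiteMinder's code or cookie format: a stateless signed cookie is refreshed on every request, so a stolen copy that is replayed continuously never reaches the idle timeout, and only the limit on time since login ends it. The key, the 15-minute idle timeout and all function names are assumptions; the two-hour maximum is the value from the question.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed value, not a real secret
IDLE_TIMEOUT = 15 * 60          # assumed idle timeout, in seconds
MAX_TIMEOUT = 2 * 60 * 60       # two hours, as in the question

def _sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def issue(user, now, login_time=None):
    """Return a signed cookie; 'login' is fixed at first login, 'seen' moves."""
    claims = {"user": user, "seen": now,
              "login": now if login_time is None else login_time}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def validate(cookie, now):
    """Return (verdict, refreshed_cookie_or_None) with no server-side state."""
    body, _, sig = cookie.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return "bad-signature", None
    claims = json.loads(base64.urlsafe_b64decode(body))
    # Absolute limit: counted from login, never extended by activity.
    if now - claims["login"] >= MAX_TIMEOUT:
        return "max-timeout", None
    # Idle limit: counted from the last request, reset on every valid one.
    if now - claims["seen"] >= IDLE_TIMEOUT:
        return "idle-timeout", None
    return "ok", issue(claims["user"], now, claims["login"])

def replay(cookie, start, step, until):
    """Present the cookie every `step` seconds, always using the refreshed
    copy; return (time, verdict) at the first rejection."""
    t = start
    while t <= until:
        verdict, refreshed = validate(cookie, t)
        if verdict != "ok":
            return t, verdict
        cookie = refreshed
        t += step
    return until, "still-valid"

if __name__ == "__main__":
    stolen = issue("alice", now=0)  # constructed sample session
    # Replayed every 10 minutes, the copy stays "active" until the hard cap.
    print(replay(stolen, start=0, step=600, until=3 * 60 * 60))
```

Because nothing is stored on the server, the cookie cannot be revoked individually; the maximum timeout is the only bound on how long a copied cookie stays usable.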
