Session timeout .Net MVC Web config does not work - session

I have set the web config session timeout to 480 minutes (8 hours). I did the same in IIS for the app pool, then for the default website and for my website. Session still times out after 20 minutes, something must be overriding :/
Did anyone have the same problem?

Turns out that I had a JS script that waited for 20 minutes and then relocated the window to the login page...
Obviously I changed the time to longer :)

Related

How can I reset the session timeout in a Spring Boot application

I have set the session timeout to 20 minutes by adding the following line to my application.properties file:
server.servlet.session.cookie.max-age=20m
The problem is that my application is a single page application. So even if I use it I never change page and the timeout is never reset. Therefore after 20 minutes I am logged out. How can I tell Spring to reset the timeout after each REST request?
I solved the problem by replacing this line:
server.servlet.session.cookie.max-age=20m
with this line
server.servlet.session.timeout=20m
in the application.properties file.

Session.Timeout not working correctly in ASP Classic / IIS

Recently I created an ASP Classic web page with which a user can insert his worked hours.
One of the requests was that the page should show a message who is logged in every 10 minutes. The user does his production on a machine and has his computer beside him, so it is possible that a user will be inactive on the hour web page for 5 - 60 minutes (or even more), yet he will stay on the page nonetheless.
To make the pop up message every 10 minutes I used a timer created in JQuery, this all works fine. Because the total inactive time is not sure, the person wanted the session timeout to be large (24-hours) so that session state (who is logged in) remains for a long time. When a user uses the insert hour web page he is requested to select his username on a different web page and the session("user") is then set.
To accomplish the long session timeout I created a global.asa file in the root with the following code:
<script language="VBScript" runat="Server">
<!-- METADATA
TYPE="typelib"
UUID="00000200-0000-0010-8000-00AA006D2EA4"
-->
Sub Session_OnStart
    ' Session timeout in minutes (24 hours)
    Session.Timeout = 1420
End Sub
</SCRIPT>
Though for some reason (I timed it) the timeout is still the default 20 minutes.. Then I tried to also set the Session.Timeout = 1420 in:
a. The web page of the hours inserting and
b. In the page where the user is selected and the session is being set.
This didn't have any effect though. So then I started researching it and found a similar question on Stack Overflow: Session Timeout in Classic ASP website
So this made me look at my IIS settings on the server where I changed a few things.
In the application pool of the website I changed the Regular Time Interval to 0:
Next I also changed the Time-Out to 24 hours in the Session Properties on the Services tab of my website (under Sites):
However this all doesn't have any effect. It still ends the session after 20 minutes (at least it resets my session("user") state).
In the hour inserting web page the session is being checked as follows:
if session("user")="" then
    response.redirect("ShowPage.asp?page=SelectUserTimeout")
    response.end
end if
So when the session is empty it will redirect to the select a user page where the session("user") will be set again. Though with my time-out settings, if it would actually work, this should only happen after 24 hours and not after 20 minutes.
Any ideas what's going wrong here?
I am using by the way IIS 8.0.
UPDATE
I found the problem! It seems that the Idle Time-Out (Minutes) in the Application Pool of my website was still on the default 20 minutes and for some reason my session.timeout in the asp code didn't override that.
So for anyone facing the same problem I suggest that you go to your Application Pools in IIS --> then go to the application Pool of the website --> go to advanced settings --> Process Model --> and change Idle Time-out
I found the problem myself! It seems that the Idle Time-Out (Minutes) in the Application Pool of my website was still on the default 20 minutes and for some reason my session.timeout in the asp code didn't override that.
So for anyone facing the same problem I suggest that you go to your Application Pools in IIS --> then go to the application Pool of the website --> go to advanced settings --> Process Model --> and change Idle Time-out
In fact the answer posted by the OP is not the solution. I had the same problem and solved it by configuring the application pool:
Basic Configuration - DO NOT USE .NET CLR. Select No Managed Code.
Pipeline code still Integrated.
Tried on Windows 10 Pro and Windows 2008 server and worked for both.

Spring boot session timeout issue after upgrading from 0.5.0.M7 to 1.1.9.RELEASE

I am seeing strange issue after upgrading spring boot from 0.5.0.M7 to 1.1.9.RELEASE.
My application.properties has this property defined
server.session-timeout=60
But now my session gets expired within 1 minute of inactivity. I switch back to previous version and the issue disappears.
I debugged my code to see if ServerProperties.java was setting 60 to sessionTimeout variable inside it. And it indeed did.
Can somebody point me to the direction I should be looking to? What has changed that could cause such an issue?
http://docs.spring.io/spring-boot/docs/1.1.9.RELEASE/reference/htmlsingle/#appendix
The following documentation contains all the properties that you can use in your yml configuration. Here is what it says about the server.session-timeout:
server.session-timeout= # session timeout in seconds
If you want to have 60 minutes timeout then you need to use
server.session-timeout=3600
Hope this helps.

Keep Accounts Logged In

We have an internal control panel that all employees in the office are logged into all day, including customer service. I'd like for it to be setup so that it keeps you logged in for 1 hour before your session expires. How can I change this in the PHP.ini? I made a change before I understood would keep the session open until the browser window was closed but it didn't stick.
There are two different values you can set:
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up.
and session.cookie_lifetime which is how long the cookie will last.
http://www.php.net/manual/en/session.configuration.php
Both values can be set in the php.ini file, but might get overridden in .htaccess files or in your scripts using ini_set.
You can also do this client-side using JavaScript. Use an AJAX call to periodically 'check-in' with the server, keeping the PHP session alive. You can also monitor if the user is doing anything on the current page, show them a '2 minute warning' message, or even redirect them to a 'session terminated' page when the 1 hour inactivity period is reached. You could even use this to 'force' a user to be signed out.
This isn't as secure as doing it purely in PHP, but does give you more flexibility to build cool features.
The most secure place to implement this would be in your application. You can store the session update time in $_SESSION on each page load. Before you update it, you check if it has exceeded the 60 minute limit, in which case you can use session_destroy() to terminate the session, followed by a redirect to the login page (or similar).
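The application-level check described in this answer, written out as an added example (not code from the original answers). The constant `IDLE_LIMIT`, the `last_activity` session key and the `/login.php` redirect target are names assumed for the sketch.

```php
<?php
// Added example: server-side idle timeout enforced by the application itself.
// IDLE_LIMIT, 'last_activity' and the login URL are assumed names.
const IDLE_LIMIT = 3600; // 60 minutes, in seconds

// Pure decision function, so the rule can be unit-tested without a live session.
function session_is_expired(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['last_activity'])) {
        return false; // brand-new session: nothing to compare against yet
    }
    return ($now - (int) $session['last_activity']) > $limit;
}

function enforce_idle_timeout(string $loginUrl = '/login.php'): void
{
    // Keep the GC window at least as long as the idle limit; otherwise the
    // session data can be cleaned up before the application limit is reached.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();

    if (session_is_expired($_SESSION, time())) {
        // Clear the data, expire the session cookie, then destroy the
        // server-side record, so the old session ID cannot be reused.
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
        header('Location: ' . $loginUrl);
        exit;
    }

    // Still within the limit: record this request as the latest activity.
    $_SESSION['last_activity'] = time();
}

// Call at the top of every protected page, before any output is sent.
enforce_idle_timeout();
```

Because the timestamp lives in server-side session data, a client that stops running a JavaScript timer or edits its cookie lifetime cannot extend the session past the limit.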
I don't think this can be done from the php.ini file. I think you either want to store the login time on the server and compare that with the current time and delete if 60mins have passed, or alternatively, use cookies -- these can have an explicit lifespan. See this for more information on cookies.

Zend framework session expires prematurely

I'm using Zend Framework for PHP and handling sessions with the Zend_Session module. This is what I have in my Initializer (or bootstrap):
Zend_Session::start();
Zend_Session::rememberMe(864000);
864000 seconds should be good for 10 days, but I'm still being kicked out at about an hour (or maybe a little less). I've tested to see if this statement works at all by setting it to 10 seconds, and indeed I am kicked out at the appropriate time, but when I set it to a very high value, it doesn't work! I went through some of the documentation here:
http://framework.zend.com/manual/en/zend.session.html
Another method I saw was to use the following:
$authSession = new Zend_Session_Namespace('Zend_Auth');
$authSession->setExpirationSeconds(3600);
Now, I have different namespaces. Does this mean I have to set this for all of them if I want to keep them from expiring? I haven't tested this method of setting the expiration, but I really wanted to see what the gurus on here had to say about what the correct way of approaching this problem is. Thanks a lot guys...
Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error.
I had the same problem and solved it by putting:
resources.session.save_path = APPLICATION_PATH "/../data/session/"
resources.session.gc_maxlifetime = 864000
resources.session.remember_me_seconds = 864000
in the application.ini (as suggested by tawfekov) and
protected function _initSessions() {
    $this->bootstrap('session');
}
in the Bootstrap.php (this I typically forgot at first). You have to give the session directory the correct access rights (chmod 777). I described the issue here. Hopefully this will help the next person with the same issue.
Your client's computer clock, date, AND time zone need to be set correctly for session expirations to work. Otherwise the time conversions are off, and likely causing your cookie to expire the minute it hits their browser.
Try calling remember me before starting the session:
Zend_Session::rememberMe(864000);
Zend_Session::start();
Otherwise I believe it will use the default of remember_me_seconds. See 49.4.4. rememberMe(integer $seconds)
"Also, does anyone know how I can make it so that the session never expires? I've tried setting the second to 0 and -1, but that throws an error."
I don't think that is possible. The session is controlled by whether the cookie exists on the user's computer. Those cookies can be deleted, even by the users if they clear their cache. I think the best you can do is set it to a very large number. Say 12 months.
I guess you are using ZF 1.8 or above, so you can put this in the config.ini file:
resources.session.save_path = APPLICATION_PATH "/../data/session"
resources.session.remember_me_seconds = 864000
and these settings will be loaded automatically. Again, this only works in ZF 1.8 or above; if not, you have to load these config values manually.
I hope it helps you :)
Are there other PHP applications running on the server?
Assuming you're using the standard, file-based, session handler, PHP will store all sessions in the same place (typically /tmp).
If you have some other script on the server using the default session_gc_maxlifetime settings, it may be eating your session files.
The easiest fix to try is to configure PHP to store session files for this application someplace special -- that way other apps running on the server will never accidentally "clean up" session data from this app.
Try creating a directory like /tmp/myAppPhpSessions (or whatever), and adding:
ini_set('session.save_path','/tmp/myAppPhpSessions');
ini_set('session.gc_maxlifetime', 864000);
at the very top of your bootstrap file.
Make sure session.auto_start is off in php.ini
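A dedicated session directory as suggested in the answers above, shown here as an added example (not code from the original posts). It uses owner-only permissions (0700) instead of a world-writable directory, since session files hold authentication state. The function name `use_private_session_dir` is assumed; the path and lifetime are the sample values from the thread.

```php
<?php
// Added example: per-application session storage with owner-only access.
// use_private_session_dir() is an assumed helper name for this sketch.
function use_private_session_dir(string $dir, int $lifetime): void
{
    // Create the directory if it is missing; 0700 = owner read/write/search only.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create session directory: $dir");
    }

    clearstatcache(true, $dir);
    $mode = fileperms($dir) & 0777;
    if ($mode & 0077) {
        // Group/other bits are set: other local accounts could read or
        // plant session files. Tighten the mode or refuse to continue.
        if (!chmod($dir, 0700)) {
            throw new RuntimeException(
                sprintf('session directory %s has unsafe mode %o', $dir, $mode)
            );
        }
    }

    // A pre-existing directory under /tmp may belong to someone else.
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        throw new RuntimeException("session directory $dir is not owned by the PHP user");
    }

    // With its own save_path, another application's garbage collector
    // (running with a shorter gc_maxlifetime) no longer sees these files.
    ini_set('session.save_path', $dir);
    ini_set('session.gc_maxlifetime', (string) $lifetime);
}

// Must run before session_start(), at the very top of the bootstrap file.
use_private_session_dir('/tmp/myAppPhpSessions', 864000);
session_start();
```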
