https://issues.apache.org/bugzilla/show_bug.cgi?id=57301
Bug ID: 57301
Summary: Add SessionMaxAgeAbsolute Directive
Product: Apache httpd-2
Version: 2.4.6
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_session
Assignee: [email protected]
Reporter: [email protected]
The SessionMaxAge Directive is reset at every request. While this is reasonable
for a lot of usecases, company policies often require that sessions are
terminated after a fixed time no matter what, even if the user is still
online/working.
I therefore propose a new directive to specify an absolute SessionMaxAge. When
a session is saved, this time limit is NOT reset/updated.
As an alternative you could allow to redefine current behavior with a flag.
This would not break existing configurations, but it would be less flexible.
Some companies require even both, that sessions get destroyed after a fixed
time AND that sessions time out.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
