That's up to you depending on the amount of traffic you receive and the amount of memory allocated to the JVM heap. :-)
It also partially comes down to how frequently you get complaints about the issue. If 99% of your users complete the transaction in 5m or less and there is 1% that lets it sit for an hour and then comes back, do you want to set your session to 1.5 hours? On Thu, Jul 25, 2013 at 1:24 AM, Tom Poage <[email protected]> wrote: > On Jul 24, 2013, at 6:43 PM, Scott Battaglia <[email protected]> > wrote: > > The login token has been there since the beginning of time. Well at > least since 3.0 :-) The problem/issue is that its stored in the session so > if you set a short session it will time out. If you set a long session > you're wasting memory. > > What might be a 'reasonable' (vs. 'short' or 'long') session timeout? > > Thanks. > Tom. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
