cancel
Showing results for 
Search instead for 
Did you mean: 

User session should be timed out if the user is idle for 15 minutes

Hi,

I want to create a rule set which should timeout the user sessions if the user is idle for 15 minutes.

and i have a few quires on this:

  • if we want the user to be timed out if the user is idle more than 15 minutes, we may have to track each and every user session. This may create more log files for the all the users?

Kindly clarify and share the rule set for idle timeout.

Regards,

PRASANTH.

0 Kudos
2 Replies
asabban
Level 17

Re: User session should be timed out if the user is idle for 15 minutes

Hello,

the problem is that HTTP is not session based, there is not a session between the user and the MWG. THe user simply makes single requests from time to time which are authenticated and processed by MWG.

Theoretically it is possible to remember in PD Storage when a user has sent a request the last time. By doing so it is possible to identify if the user has accessed a web site within the last 15 minutes, and to do something based on this result.

The main question that comes up is what authentication is currently used?

Tracking the "last request" time for every user will not create a lot of log data but it will impact the overall performance as MWG has to remember a piece of information for every user and for every request. This may be possible for a small group of users (like "guest" users), but not likely for everyone.

Alternatively it could be possible to use cookie authentication and try to refresh the cookie expiration time from time to time.

Best,

Andre

McAfee Employee

Re: User session should be timed out if the user is idle for 15 minutes

HI Prasanth and Andre,

I think we need to know what type of authentication you're using to help understand this better.

If you're using the authentication server, this can be done using the Hard TTL for auth server with a Soft TTL using cache remaining time, see our best practice on it:

This wont be an idle time by default, however magic could be worked to make it so. However most folks are happy with the rules by default.

I prefer this over PDStorage or Cookie auth.

Best Regards,

Jon