D
Doogie
Hi,
We have a page we want to refresh every 30 minutes so that users can
get up to date info. The problem is that there is information within
the session that we need in each refresh to determine what roles the
user belongs to so that we can get the data they need.
The page times out because we lose our session info after 20 minutes.
Resetting that timeout value is not an option (I've been told we
aren't allowed).
If I refresh the page every 15 minutes, the problem goes away.
However, I was told that is a security risk because I'm potentially
creating an infinite session timeout.
I'm curious for anyone out there that could help explain if indeed
this is a security risk and why?
We have a page we want to refresh every 30 minutes so that users can
get up to date info. The problem is that there is information within
the session that we need in each refresh to determine what roles the
user belongs to so that we can get the data they need.
The page times out because we lose our session info after 20 minutes.
Resetting that timeout value is not an option (I've been told we
aren't allowed).
If I refresh the page every 15 minutes, the problem goes away.
However, I was told that is a security risk because I'm potentially
creating an infinite session timeout.
I'm curious for anyone out there that could help explain if indeed
this is a security risk and why?