A basic question I can't seem to find the answer for:
Web servers and/or applications can specify "Session Timeout" value(s). Is this timeout:
- the maximum length of time a session can remain idle before being automatically closed (what is sometimes called an "idle timeout")
OR
- the maximum length of time the session is allowed to exist, REGARDLESS of user activity in the session?
It seems that default session timeout is 20 minutes in IIS/ASP.NET. In my app some forms have large text fields in which users will put relatively large chunks of text. I'm concerned that if they dawdle in a field while composing a "magnum opus", their session will time out and they'll lose it all. They might get choked about that :\
So, although I've raised the session timeout to 60 minutes I'm telling the users not to go more than 30 without saving or they might lose it :) Nonetheless, they could easily sit there for hours at a time, saving regularly. That's why I need to know if the timeout value is an "idle timeout" or a total session time limit.
I suppose a related question would be - is there any way to warn a user their session is about to expire?
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up