Is it possible to have different session time outs for different users? I need to have 180 mins session for admin and 20 min for non-admin users. Currently it is single session timeout for all the users. We are using a web.config key
Any help would be appreciated.
“OWASP recommends application builders to implement short idle time outs (2-5 minutes) for applications that handle high-risk data, like financial information. It considers that longer idle time outs (15-30 minutes) are acceptable for low-risk applications.”
The course idle time out works in conjunction with session timeout length. When the user's session is about to expire, the system displays a warning message. If the user chooses to continue their session, then the timer is reset. The user can continue completing their training and remain logged in to the system.
Setting the Session.Timeout property by code will set the timeout on a per user basis. You can manually set Session.Timeout = 20; or Session.Timeout = 180; based on the user type when they log in.
This code should work for you:
    // Session.Timeout is expressed in minutes and applies to the current session only.
    protected void SetSessionTime(string userType)
    {
        if (userType == "admin")
        {
            Session.Timeout = 180;
        }
        else
        {
            Session.Timeout = 20;
        }
    }
You can call SetSessionTime() after the user successfully logs in.
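The same per-role timeout, as an added example that is not part of the original answer: it derives the role from the server-side principal rather than a string argument and, assuming forms authentication is in use, issues the authentication ticket with the same lifetime as the session. `SessionTimeoutPolicy`, its methods and the role name `admin` are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example, not the poster's code. Class and method names are hypothetical.
public static class SessionTimeoutPolicy
{
    // Minutes, taken from the question: 180 for admins, 20 for everyone else.
    private const int AdminMinutes = 180;
    private const int DefaultMinutes = 20;

    // Decide from the authenticated principal, never from a request-supplied value.
    // Anything that is not a confirmed admin gets the shorter timeout.
    public static int MinutesFor(IPrincipal user)
    {
        bool isAdmin = user != null && user.Identity != null
            && user.Identity.IsAuthenticated
            && user.IsInRole("admin"); // assumed role name
        return isAdmin ? AdminMinutes : DefaultMinutes;
    }

    // Call once after a successful login, with the principal the login code validated.
    public static void Apply(HttpContext context, IPrincipal user)
    {
        if (context == null) throw new ArgumentNullException("context");
        if (user == null || user.Identity == null) throw new ArgumentNullException("user");
        int minutes = MinutesFor(user);
        // Idle timeout of session state, for this session only.
        context.Session.Timeout = minutes;

        // Assumption: forms authentication is in use. Its ticket lifetime is
        // configured separately from session state, so issue a ticket with the
        // same lifetime to keep the two from expiring at different times.
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, user.Identity.Name, now, now.AddMinutes(minutes),
            false, string.Empty, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        context.Response.Cookies.Add(cookie);
    }
}
```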