Is session duration guaranteed?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
3
down vote
favorite
Let's assume that our session timeout value is set to the default 2 hours.
The documentation defines this value as Length of time after which the system logs out inactive users.
If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.
My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
security oauth2 oauth login session
asked Aug 13 at 11:31
Folkert
1,493727
add a comment |Â
up vote
3
down vote
favorite
Let's assume that our session timeout value is set to the default 2 hours.
The documentation defines this value as Length of time after which the system logs out inactive users.
If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.
My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
security oauth2 oauth login session
asked Aug 13 at 11:31
Folkert
1,493727
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
Let's assume that our session timeout value is set to the default 2 hours.
The documentation defines this value as Length of time after which the system logs out inactive users.
If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.
My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
security oauth2 oauth login session
asked Aug 13 at 11:31
Folkert
1,493727
Let's assume that our session timeout value is set to the default 2 hours.
The documentation defines this value as Length of time after which the system logs out inactive users.
If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.
My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
security oauth2 oauth login session
security oauth2 oauth login session
asked Aug 13 at 11:31
Folkert
1,493727
asked Aug 13 at 11:31
Folkert
1,493727
asked Aug 13 at 11:31
Folkert
1,493727
asked Aug 13 at 11:31
Folkert
1,493727
asked Aug 13 at 11:31
Folkert
1,493727
1,493727
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
3
down vote
Separating your questions.
- My question is however, is this value of 2 hours guaranteed as a
minimum session length? Will it always be at least 2 hours?
Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:
The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.
In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.
It is important to note that a current active session is not updated
until halfway through the session's timeout period. For example, a
session with a 30-minute timeout value does not begin to check for
activity until the last 15 minutes of the session. Regardless of
activity during the first half of the session, if no activity is
detected in the latter half, the session will time out.
So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.
For the other part of the question:
- Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
Yes. A session will always be revoked if ended by the User or by an Admin.
answered Aug 13 at 15:27
Jayant Das
6,3421320
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
Separating your questions.
- My question is however, is this value of 2 hours guaranteed as a
minimum session length? Will it always be at least 2 hours?
Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:
The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.
In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.
It is important to note that a current active session is not updated
until halfway through the session's timeout period. For example, a
session with a 30-minute timeout value does not begin to check for
activity until the last 15 minutes of the session. Regardless of
activity during the first half of the session, if no activity is
detected in the latter half, the session will time out.
So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.
For the other part of the question:
- Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
Yes. A session will always be revoked if ended by the User or by an Admin.
answered Aug 13 at 15:27
Jayant Das
6,3421320
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
add a comment |Â
up vote
3
down vote
Separating your questions.
- My question is however, is this value of 2 hours guaranteed as a
minimum session length? Will it always be at least 2 hours?
Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:
The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.
In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.
It is important to note that a current active session is not updated
until halfway through the session's timeout period. For example, a
session with a 30-minute timeout value does not begin to check for
activity until the last 15 minutes of the session. Regardless of
activity during the first half of the session, if no activity is
detected in the latter half, the session will time out.
So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.
For the other part of the question:
- Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
Yes. A session will always be revoked if ended by the User or by an Admin.
answered Aug 13 at 15:27
Jayant Das
6,3421320
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
add a comment |Â
up vote
3
down vote
up vote
3
down vote
Separating your questions.
- My question is however, is this value of 2 hours guaranteed as a
minimum session length? Will it always be at least 2 hours?
Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:
The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.
In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.
It is important to note that a current active session is not updated
until halfway through the session's timeout period. For example, a
session with a 30-minute timeout value does not begin to check for
activity until the last 15 minutes of the session. Regardless of
activity during the first half of the session, if no activity is
detected in the latter half, the session will time out.
So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.
For the other part of the question:
- Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
Yes. A session will always be revoked if ended by the User or by an Admin.
answered Aug 13 at 15:27
Jayant Das
6,3421320
Separating your questions.
- My question is however, is this value of 2 hours guaranteed as a
minimum session length? Will it always be at least 2 hours?
Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:
The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.
In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.
It is important to note that a current active session is not updated
until halfway through the session's timeout period. For example, a
session with a 30-minute timeout value does not begin to check for
activity until the last 15 minutes of the session. Regardless of
activity during the first half of the session, if no activity is
detected in the latter half, the session will time out.
So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.
For the other part of the question:
- Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.
Yes. A session will always be revoked if ended by the User or by an Admin.
answered Aug 13 at 15:27
Jayant Das
6,3421320
edited Aug 13 at 15:34
answered Aug 13 at 15:27
Jayant Das
6,3421320
answered Aug 13 at 15:27
Jayant Das
6,3421320
answered Aug 13 at 15:27
Jayant Das
6,3421320
6,3421320
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
add a comment |Â
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
– Folkert
Aug 14 at 7:17
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
– Jayant Das
Aug 14 at 12:03
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f228678%2fis-session-duration-guaranteed%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
