Is session duration guaranteed?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
3
down vote

favorite












Let's assume that our session timeout value is set to the default 2 hours.

The documentation defines this value as Length of time after which the system logs out inactive users.



If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.



My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.










share|improve this question



























    up vote
    3
    down vote

    favorite












    Let's assume that our session timeout value is set to the default 2 hours.

    The documentation defines this value as Length of time after which the system logs out inactive users.



    If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.



    My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.










    share|improve this question























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      Let's assume that our session timeout value is set to the default 2 hours.

      The documentation defines this value as Length of time after which the system logs out inactive users.



      If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.



      My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.










      share|improve this question













      Let's assume that our session timeout value is set to the default 2 hours.

      The documentation defines this value as Length of time after which the system logs out inactive users.



      If the user is active in this period (actually the second half of this period, see documentation), the system will reset this value, giving you a longer total session.



      My question is however, is this value of 2 hours guaranteed as a minimum session length? Will it always be at least 2 hours? Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.







      security oauth2 oauth login session






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Aug 13 at 11:31









      Folkert

      1,493727




      1,493727




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          3
          down vote













          Separating your questions.




          1. My question is however, is this value of 2 hours guaranteed as a
            minimum session length? Will it always be at least 2 hours?



          Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:




          The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.




          In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.




          It is important to note that a current active session is not updated
          until halfway through the session's timeout period. For example, a
          session with a 30-minute timeout value does not begin to check for
          activity until the last 15 minutes of the session. Regardless of
          activity during the first half of the session, if no activity is
          detected in the latter half, the session will time out.




          So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.



          For the other part of the question:




          1. Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.



          Yes. A session will always be revoked if ended by the User or by an Admin.






          share|improve this answer






















          • Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
            – Folkert
            Aug 14 at 7:17










          • I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
            – Jayant Das
            Aug 14 at 12:03










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "459"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f228678%2fis-session-duration-guaranteed%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          3
          down vote













          Separating your questions.




          1. My question is however, is this value of 2 hours guaranteed as a
            minimum session length? Will it always be at least 2 hours?



          Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:




          The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.




          In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.




          It is important to note that a current active session is not updated
          until halfway through the session's timeout period. For example, a
          session with a 30-minute timeout value does not begin to check for
          activity until the last 15 minutes of the session. Regardless of
          activity during the first half of the session, if no activity is
          detected in the latter half, the session will time out.




          So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.



          For the other part of the question:




          1. Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.



          Yes. A session will always be revoked if ended by the User or by an Admin.






          share|improve this answer






















          • Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
            – Folkert
            Aug 14 at 7:17










          • I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
            – Jayant Das
            Aug 14 at 12:03














          up vote
          3
          down vote













          Separating your questions.




          1. My question is however, is this value of 2 hours guaranteed as a
            minimum session length? Will it always be at least 2 hours?



          Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:




          The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.




          In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.




          It is important to note that a current active session is not updated
          until halfway through the session's timeout period. For example, a
          session with a 30-minute timeout value does not begin to check for
          activity until the last 15 minutes of the session. Regardless of
          activity during the first half of the session, if no activity is
          detected in the latter half, the session will time out.




          So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.



          For the other part of the question:




          1. Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.



          Yes. A session will always be revoked if ended by the User or by an Admin.






          share|improve this answer






















          • Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
            – Folkert
            Aug 14 at 7:17










          • I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
            – Jayant Das
            Aug 14 at 12:03












          up vote
          3
          down vote










          up vote
          3
          down vote









          Separating your questions.




          1. My question is however, is this value of 2 hours guaranteed as a
            minimum session length? Will it always be at least 2 hours?



          Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:




          The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.




          In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.




          It is important to note that a current active session is not updated
          until halfway through the session's timeout period. For example, a
          session with a 30-minute timeout value does not begin to check for
          activity until the last 15 minutes of the session. Regardless of
          activity during the first half of the session, if no activity is
          detected in the latter half, the session will time out.




          So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.



          For the other part of the question:




          1. Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.



          Yes. A session will always be revoked if ended by the User or by an Admin.






          share|improve this answer














          Separating your questions.




          1. My question is however, is this value of 2 hours guaranteed as a
            minimum session length? Will it always be at least 2 hours?



          Yes and No (No if a User ends the session early). Based on the documentation link you have mentioned it states the behavior in detail:




          The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.




          In addition to this, if you refer to the knowledge article here on how a current active session is calculated, it mentions the same thing where Salesforce "validates" an active session only after half the time of the total session duration defined.




          It is important to note that a current active session is not updated
          until halfway through the session's timeout period. For example, a
          session with a 30-minute timeout value does not begin to check for
          activity until the last 15 minutes of the session. Regardless of
          activity during the first half of the session, if no activity is
          detected in the latter half, the session will time out.




          So in your case, let's say if the timeout is set to 2 hours, but if a User performed an activity say in 59th minute, the session duration is still 2 hours. However if the User performed the activity say at 61st minute, the session will be again extended by 2 hours. So at any point of the time, the 2 hours window is always guaranteed.



          For the other part of the question:




          1. Or is it possible that it might be shorter if we do not count the session being ended by the user logging out or the OAuth token being revoked for example.



          Yes. A session will always be revoked if ended by the User or by an Admin.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Aug 13 at 15:34

























          answered Aug 13 at 15:27









          Jayant Das

          6,3421320




          6,3421320











          • Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
            – Folkert
            Aug 14 at 7:17










          • I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
            – Jayant Das
            Aug 14 at 12:03
















          • Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
            – Folkert
            Aug 14 at 7:17










          • I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
            – Jayant Das
            Aug 14 at 12:03















          Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
          – Folkert
          Aug 14 at 7:17




          Sorry, maybe I was unclear in my question. I know about the session reset (as mentioned in my question) and the session being ended by the user logging out or the admin revoking it. But, ignoring these 2 scenarios, are there any other reasons that a session might be shorter than the setting? The documentation does not seem to confirm it by specifically stating it.
          – Folkert
          Aug 14 at 7:17












          I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
          – Jayant Das
          Aug 14 at 12:03




          I wouldn’t think so. And other than these two scenarios I couldn’t think anything other than a n/w failure which could end a session.
          – Jayant Das
          Aug 14 at 12:03

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f228678%2fis-session-duration-guaranteed%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?