setSessionTimeout

setSessionTimeout(timeoutValue: Integer) updating;

The setSessionTimeout method of the Application class enables you to dynamically set the timeout period for all web sessions that are subsequently created.

Use the timeoutValue parameter to specify in minutes the period at which the web session ends if no requests have been received within that time. By default, web sessions do not time out.

The maximum time out value is 1439, which corresponds to 23 hours and 59 minutes.

Web Form applications that have a log‑in mechanism or that store any privileged information in the session object must call the WebSession class secureSession method before storing any information or setting any flags that might authenticate the currentSession object. This is necessary to prevent session fixation vulnerabilities (https://owasp.org/www-community/attacks/Session_fixation).

Applications that need secure sessions must also have a session timeout configured; that is, in the Session Timeout text box on the Web Options sheet of the Define Application dialog or by implementing your own handling to remove sessions.

See also the Application class getSessionTimeout method.