Solved

Why my SharePoint foundation 2010 site does not time out?

Posted on 2013-11-07
4
519 Views
Last Modified: 2013-11-16
Hi,

I have a SharePoint Foundation 2010 site..... This site works fine but there is only one thing that is killing me. When I login and then I stop interacting with the site it never signs me out! I think it should do it!!! What if I'm in a public computer and for some reason I forget to logout.... it will stay in and someone could just have access to this site!! Why do you think a session never times out? How can I fix this?



Thanks for you help in advance!
0
Comment
Question by:hugonieto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 44

Expert Comment

by:Rainer Jeschor
ID: 39631372
Hi,
what kind of authentication do you use?
If you use Windows Authentication AND you access the site from a domain joined machine AND you have configured IE to automatically send your login credentials then your session will always be re-initiated.
From a public/not domain joined computer, as soon as you close the browser (and for security I would also recommend to delete the browsers history as well as any cookies) you would not be automatically logged in (assuming that you do not store your used windows credentials in Win 7 user store).

HTH
Rainer
0
 

Author Comment

by:hugonieto
ID: 39633527
Thanks for your help RainerJ,


I use Windows Authentication and I have tested it from a Domain and public/not Domain. Actually, I have not done anything to the IE. I tried the site with Firefox, google chrome, and IE 10. None of these browsers times out my session after a period of time without an interaction. When I close IE without signing out and reopen the site it actually ask me for my credentials again which is good but it is the only one that does this. However, the others do not do that.... they sign me in automatically! Which probably has something to do with their cookies... I'm not sure.

So, probably SharePoint 2010 foundation does not have an option to set a specific time where the site will sign you out automatically if there is not an interaction without having to close the browser... I might be wrong....
0
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 500 total points
ID: 39633745
Hi,
IE settings in domains are normally managed/configured centrally through group policies.
Depending on the url of your SharePoint site and the configuration, the sites url is part of the local intranet zone. In IE security settings of this zone, the credentials are sent automatically by default.
Some companies also configure "Trusted Sites" to send credentials automatically.

SharePoint does normally not use sessions - it has something else implemented which can be configured in Central Admin:
Central Admin -> Manage Web Applications -> select your web app -> General Settings -> Web Page Security validation which is by default set to 30 minutes.

And time of interaction:
if (and thats just a guess) you have some customized / coded web parts which dynamically load data using AJAX e.g. every minute, then you have an interaction every minute :-)

Not sure about Chrome and FF - I think it depends on their configuration about saving login/passwords and resending this information.

HTH
Rainer
0
 

Author Comment

by:hugonieto
ID: 39654079
Thanks a lot Rainer! All this info is really helpful!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email signature management is something that is often overlooked in many organizations or is simply not implemented effectively. Let's take a look at what methods are available for managing this important piece of corporate branding.
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question