Solved

Why my SharePoint foundation 2010 site does not time out?

Posted on 2013-11-07
4
516 Views
Last Modified: 2013-11-16
Hi,

I have a SharePoint Foundation 2010 site..... This site works fine but there is only one thing that is killing me. When I login and then I stop interacting with the site it never signs me out! I think it should do it!!! What if I'm in a public computer and for some reason I forget to logout.... it will stay in and someone could just have access to this site!! Why do you think a session never times out? How can I fix this?



Thanks for you help in advance!
0
Comment
Question by:hugonieto
  • 2
  • 2
4 Comments
 
LVL 44

Expert Comment

by:Rainer Jeschor
ID: 39631372
Hi,
what kind of authentication do you use?
If you use Windows Authentication AND you access the site from a domain joined machine AND you have configured IE to automatically send your login credentials then your session will always be re-initiated.
From a public/not domain joined computer, as soon as you close the browser (and for security I would also recommend to delete the browsers history as well as any cookies) you would not be automatically logged in (assuming that you do not store your used windows credentials in Win 7 user store).

HTH
Rainer
0
 

Author Comment

by:hugonieto
ID: 39633527
Thanks for your help RainerJ,


I use Windows Authentication and I have tested it from a Domain and public/not Domain. Actually, I have not done anything to the IE. I tried the site with Firefox, google chrome, and IE 10. None of these browsers times out my session after a period of time without an interaction. When I close IE without signing out and reopen the site it actually ask me for my credentials again which is good but it is the only one that does this. However, the others do not do that.... they sign me in automatically! Which probably has something to do with their cookies... I'm not sure.

So, probably SharePoint 2010 foundation does not have an option to set a specific time where the site will sign you out automatically if there is not an interaction without having to close the browser... I might be wrong....
0
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 500 total points
ID: 39633745
Hi,
IE settings in domains are normally managed/configured centrally through group policies.
Depending on the url of your SharePoint site and the configuration, the sites url is part of the local intranet zone. In IE security settings of this zone, the credentials are sent automatically by default.
Some companies also configure "Trusted Sites" to send credentials automatically.

SharePoint does normally not use sessions - it has something else implemented which can be configured in Central Admin:
Central Admin -> Manage Web Applications -> select your web app -> General Settings -> Web Page Security validation which is by default set to 30 minutes.

And time of interaction:
if (and thats just a guess) you have some customized / coded web parts which dynamically load data using AJAX e.g. every minute, then you have an interaction every minute :-)

Not sure about Chrome and FF - I think it depends on their configuration about saving login/passwords and resending this information.

HTH
Rainer
0
 

Author Comment

by:hugonieto
ID: 39654079
Thanks a lot Rainer! All this info is really helpful!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Access_log 17 121
Setup IIS website to use ADFS authentication 25 97
Sharepoint data after Hyper-V restore 4 11
FTP Directory Permissions 3 28
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question