Token Expiration Question

Posted on 2018-01-12
Low Priority
Last Modified: 2018-01-13
I have an application which has a token set to officially expire after 30 minutes. If inactive at the 20- minute mark, it looks back 5 minutes for activity. If none exists, it kills the session. The majority of the users do work in the first 10 minutes and usually tend to other tasks. They are frustrated with our settings and are asking us to check back farther than 5 minutes and the 20-minute mark.

What makes sense to do here in accordance with best practice?
Question by:Razzy User

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Join & Write a Comment

Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
To share tips on how to stay ALERT and avoid being the next victim - at least not due to your own poor cyber habits and hygiene!
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question