Re: [users@httpd] httpd session timeout

2016-08-24 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Roger, On 8/24/16 9:53 AM, Roger Paanini wrote: > Chris, I am testing it by logging into the website using basic > authentication and then waiting for the time out duration and try > to access the page again. I am expecting to be challenged for > c

Re: [users@httpd] httpd session timeout

2016-08-24 Thread Marat Khalili
> I am testing it by logging into the website using basic authentication [...] Session you are observing is browser-based, not server-based. Your browser repeats once learned credentials in every request until it's restarted (may depend on the browser of course). And server verifies credentials

Re: [users@httpd] httpd session timeout

2016-08-24 Thread Roger Paanini
Forgot to mention... I am using httpd as a reverse proxy. But the downstream server has no notion of a user or sessions. On Wed, Aug 24, 2016 at 8:53 AM, Roger Paanini wrote: > Chris, I am testing it by logging into the website using basic > authentication and then waiting for the time out durat

Re: [users@httpd] httpd session timeout

2016-08-24 Thread Roger Paanini
Chris, I am testing it by logging into the website using basic authentication and then waiting for the time out duration and try to access the page again. I am expecting to be challenged for credentials again when I tried to access the page after the timeout. But I am never challenged after the tim

RE: [users@httpd] httpd session timeout

2016-08-23 Thread Wasick, Tyler
Check the logs for httpd. From: Roger Paanini [mailto:rogerpaan...@gmail.com] Sent: Tuesday, August 23, 2016 3:26 PM To: users@httpd.apache.org Subject: [users@httpd] httpd session timeout Folks, I have tried to configure httpd with session timeout but it does not seem to work. My httpd.conf has

Re: [users@httpd] httpd session timeout

2016-08-23 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Roger, On 8/23/16 4:26 PM, Roger Paanini wrote: > Folks, I have tried to configure httpd with session timeout but it > does not seem to work. My httpd.conf has the following: > > Session on SessionMaxAge 1 AuthType Basic *** > > I was trying to pu