-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Roger,
On 8/24/16 9:53 AM, Roger Paanini wrote:
> Chris, I am testing it by logging into the website using basic
> authentication and then waiting for the time out duration and try
> to access the page again. I am expecting to be challenged for
> c
> I am testing it by logging into the website using basic authentication [...]
Session you are observing is browser-based, not server-based. Your browser
repeats once learned credentials in every request until it's restarted (may
depend on the browser of course). And server verifies credentials
Forgot to mention... I am using httpd as a reverse proxy. But the
downstream server has no notion of a user or sessions.
On Wed, Aug 24, 2016 at 8:53 AM, Roger Paanini
wrote:
> Chris, I am testing it by logging into the website using basic
> authentication and then waiting for the time out durat
Chris, I am testing it by logging into the website using basic
authentication and then waiting for the time out duration and try to access
the page again. I am expecting to be challenged for credentials again when
I tried to access the page after the timeout. But I am never challenged
after the tim
Check the logs for httpd.
From: Roger Paanini [mailto:rogerpaan...@gmail.com]
Sent: Tuesday, August 23, 2016 3:26 PM
To: users@httpd.apache.org
Subject: [users@httpd] httpd session timeout
Folks, I have tried to configure httpd with session timeout but it does not
seem to work.
My httpd.conf has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Roger,
On 8/23/16 4:26 PM, Roger Paanini wrote:
> Folks, I have tried to configure httpd with session timeout but it
> does not seem to work. My httpd.conf has the following:
>
> Session on SessionMaxAge 1 AuthType Basic ***
>
> I was trying to pu