A web application is supposed to time out a user session and log the user out after N minutes. I don't know what N is or how the session timeout logout mechanism is implemented.

I want to test what happens on session timeout by causing a timeout instantly. Is there a way to tinker with the front end such that it causes a timeout instantly, or do I need to change the back end to cause an instant timeout?

  • If there is any question of security around the timeout, then triggering it from the front-end would be insufficient; any bad actor with some know-how could circumvent whatever you were doing to trigger the instant session timeout. Commented Aug 1, 2017 at 1:31
  • see stackoverflow.com/questions/33233152/… Commented Aug 1, 2017 at 1:49

1 Answer

Usually, this should be implemented at the backend. On most web servers or app servers, the user session is stored in a cache system such as memcached or Redis. When a user logs in, we store the session ID (cookie) in the cache. Meanwhile, you can set an expiration time on this key; after the expiration time, the session ID will be deleted from the cache.

When a user sends a request to the server, the request carries the cookie to identify the session, and you can update the expiration time at that point. When the session has timed out and the key has been deleted, a new request will be redirected to the login page.
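Added example, not part of the original answer: a minimal in-memory model of the server-side session store described above, showing two ways to reach the timed-out state instantly in a test (advancing an injected clock, or deleting the key on the backend). The names `FakeClock`, `SessionStore`, `expire_now`, the 900-second TTL and the `/login` target are assumptions made for illustration; a real deployment would keep the keys in memcached or Redis.

```python
import secrets

class FakeClock:
    """Controllable clock so a test can jump past the timeout instantly."""
    def __init__(self, now=0.0):
        self.now = now
    def advance(self, seconds):
        self.now += seconds

class SessionStore:
    """Stand-in for a cache with per-key expiry (hypothetical, illustration only)."""
    def __init__(self, ttl_seconds, clock):
        self.ttl = ttl_seconds
        self.clock = clock
        self._sessions = {}  # session_id -> (user, expires_at)

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable session ID sent as the cookie
        self._sessions[sid] = (user, self.clock.now + self.ttl)
        return sid

    def expire_now(self, sid):
        """Backend-side forced timeout: drop the key, as a cache delete would."""
        self._sessions.pop(sid, None)

    def handle_request(self, sid):
        """Return (status, detail) for a request carrying this session cookie."""
        entry = self._sessions.get(sid)
        if entry is None or self.clock.now >= entry[1]:
            self._sessions.pop(sid, None)
            return (302, "/login")       # expired or unknown: send to login
        user, _ = entry
        # Sliding expiry: each valid request pushes the deadline forward.
        self._sessions[sid] = (user, self.clock.now + self.ttl)
        return (200, user)

def demo():
    clock = FakeClock()
    store = SessionStore(ttl_seconds=900, clock=clock)
    sid = store.login("alice")           # constructed sample user
    results = [store.handle_request(sid)]
    clock.advance(899)
    results.append(store.handle_request(sid))   # just inside the TTL, refreshed
    clock.advance(899)
    results.append(store.handle_request(sid))   # alive only because of the refresh
    clock.advance(900)
    results.append(store.handle_request(sid))   # idle for a full TTL: timed out
    sid2 = store.login("bob")
    store.expire_now(sid2)                      # instant timeout from the backend
    results.append(store.handle_request(sid2))
    return results
```

Both paths exercise the server's own expiry decision, which is what a timeout test needs to cover; clearing the cookie in the browser only changes what the client sends.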
