Specifically, can I count on the session token to remain active forever unless the logout service is invoked for that session?
Are there any other actions/activities/inactivities/etc that cause the session token to become invalid?
Thanks for all of your help so far!
Hi Garrett,
Session token lifetime is 120 minutes. Thereafter the key is not valid.
Is this time (ie. 120 minutes) configurable at all? Can it be changed?
Today is only configureable by us. We are looking into ways to make this an option for each user.
Thanks for the feedback.
Just to clarify, will the session token expire after 120 minutes regardless of whether or not the user is still using the application?
For example, if the user logs in, and is using the application for over 2 hours (ie. sending API requests to the database), will their session expire after 120 minutes?
Or, will the session token expire only after 120 minutes of "idle time" (ie. 120 minutes without any API requests to the database)?
I would be inconvenient if it expired after 120 minutes even if the user was continuously using the application...
Since last user activity.
So is there no way to permanently log in a user? For my app registering is essential but logging in is just an annoying extra step. On mobile most user expect to log in and then 'forget' about it and just use the app as they wish. I'm concerned making them log in every two hours will be a pain (and support email) issue.
Hello!
1) Token is expired if it's not used for 120 minutes
2) You can check if token is expired and do "hidden login" without user participation https://getsatisfaction.com/apperyio/...