Bug 57301 - Add SessionMaxAgeAbsolute Directive
Summary: Add SessionMaxAgeAbsolute Directive
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_session (show other bugs)
Version: 2.4.6
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-02 23:03 UTC by Christoph Rabel
Modified: 2014-12-02 23:03 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Rabel 2014-12-02 23:03:50 UTC 
The SessionMaxAge Directive is reset at every request. While this is reasonable for a lot of usecases, company policies often require that sessions are terminated after a fixed time no matter what, even if the user is still online/working.

I therefore propose a new directive to specify an absolute SessionMaxAge.  When a session is saved, this time limit is NOT reset/updated.

As an alternative you could allow to redefine current behavior with a flag. This would not break existing configurations, but it would be less flexible. Some companies require even both, that sessions get destroyed after a fixed time AND that sessions time out.