Use a shorter timeout for the REST API's application sessions

    • Type: Suggestion
    • Resolution: Fixed
    • 2.7.2
    • Component/s: REST
    • None

      Requests authenticating to Crowd's REST API will create a session. If clients use the same session cookie for subsequent requests, then they can avoid reauthenticating, which may save time. However, as the only value of these sessions is for performance, there's no reason for the sessions to be long-lived.

      Reduce the timeout to a minute. After that long, the cost of reauthenticating is negligible.

      At the same time, remove the code to delete Crowd sessions when the HttpSessions expire. They'll expire around the same time, which is good enough for them to provide indicative state.

            Assignee:
            joe
            Reporter:
            joe
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved: