Session Timeout


Session timeout occurs when a user does not perform any action on a web site during an interval (defined by a web server). The event, on the server side, changes the status of the user session to ‘invalid’ (ie. “not used anymore”) and instructs the web server to delete all data contained in the session.

OWASP recommends application builders to implement short idle time outs (2-5 minutes) for applications that handle high-risk data, like financial or healthcare information. It considers that longer idle time outs of between 15 and 30 minutes are acceptable for low-risk applications.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center