Re: [security-dev] SP side Http session time-out period

I believe you can configure sp session lifetimes in your apps web.xml   <session-config>         <session-timeout>15</session-timeout>     </session-config> -mike cirioli Hi, If I used ServiceProviderAuthenticator as my SP side, once a valid assertion comes back from IDP, and SP checked the assertion and created the local HttpSession (it is an HttpSession, right ?), what is that session's time-out period ? Is it configurable ? Thanks, Adam _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev