About session ID management

0
I have a question about Mendix session management. If you know the following two points, please let me know. 1. When the session ID is received, is it a specification that verifies the validity of the session ID and immediately discards it if the session ID is invalid? 2. When the session ends (logout, timeout), is the session information retained in the application destroyed?
asked
1 answers
0

Hi,

When ever user logs in, a session will be created. So for each session the session ID is unique.

https://docs.mendix.com/refguide/tricky-custom-runtime-settings#2-2-general-settings

There are two constants that can be used to manage sessions. 

- Session Timeout: value determines, how long the user session is valid

- ClusterManagerActionInterval: determines when the invalid sessions are cleared

So, sessions are persisted but when session timedout, it becomes invalid. And all invalid sessions will be cleared. 

answered