Different Timeouts for public/private machines

Cantor, Scott cantor.2 at osu.edu
Tue Nov 8 15:15:38 GMT 2011

On 11/8/11 10:01 AM, "Khanna, Sumit (khannast)" <khannast at UCMAIL.UC.EDU>

>I had a question about SSO timeouts. I realize the PreviousSession login
>handler defined in the handler.xml is what allows for SSO, but I don¹t
>see a lot of documentation on it other than this:

The code's very short. If you're even slightly concerned about these
issues, you need to read all of the authentication related code. Start
with the AuthenticationEngine and you can read the login handlers, which
are very short and simple.

>We¹re trying to implement different SSO timeouts. On the login.jsp page,
>we¹d like the user to be able to select from a radio button if they¹re on
>a public or private computer (similar to Outlook Web Access) and define a
>10 minute SSO timeout for public and an hour for private.

You need a custom login handler. The documentation that exists on that is
what it is. It's in the wiki. There are examples on the contribution page
as well.

Further questions on it should go to the dev list.

-- Scott

More information about the users mailing list