2.7.3 Session Timeout and Token Management

A session timeout occurs when a user does not perform any action on the web site during an interval defined in the application. On the server side, this event changes the status of the user session to 'invalid' (i.e. "not used anymore") and instructs the application/web server to destroy it, deleting all data it contains. The application allows the session timeout to be defined.

The default value for the session timeout is 30 minutes.

All subsequent requests within the session carry the Authenticated and cross-site request forgery (CSRF) tokens. Every request sent to the application from the browser is validated against the IsAuthenticated attribute and the cross-site request forgery token.
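The per-request checks described in this section can be sketched as follows. This is an added example, not the application's own code: the `SessionStore` class, its method names and the reason strings are hypothetical, and an in-memory dictionary stands in for the server's session storage.

```python
import hmac
import secrets
import time

SESSION_TIMEOUT_SECONDS = 30 * 60  # default of 30 minutes stated in this section


class SessionStore:
    """Hypothetical in-memory server-side session store (illustration only)."""

    def __init__(self, timeout=SESSION_TIMEOUT_SECONDS, clock=time.monotonic):
        self._sessions = {}
        self._timeout = timeout
        self._clock = clock  # injectable so the idle timer can be tested

    def login(self, user):
        """Create an authenticated session; return (session_id, csrf_token)."""
        session_id = secrets.token_urlsafe(32)
        csrf_token = secrets.token_urlsafe(32)
        self._sessions[session_id] = {
            "user": user,
            "is_authenticated": True,
            "csrf_token": csrf_token,
            "last_activity": self._clock(),
        }
        return session_id, csrf_token

    def validate_request(self, session_id, csrf_token):
        """Return (allowed, reason) for one incoming request."""
        session = self._sessions.get(session_id)
        if session is None:
            return False, "no_session"
        # Idle timeout: mark the session invalid by destroying all its data.
        if self._clock() - session["last_activity"] >= self._timeout:
            del self._sessions[session_id]
            return False, "timed_out"
        if not session["is_authenticated"]:
            return False, "not_authenticated"
        # Constant-time comparison of the submitted CSRF token.
        submitted = (csrf_token or "").encode()
        if not hmac.compare_digest(session["csrf_token"].encode(), submitted):
            return False, "bad_csrf_token"
        session["last_activity"] = self._clock()  # valid activity resets the timer
        return True, "ok"
```

A rejected request does not refresh `last_activity`, so requests with a missing or wrong CSRF token cannot keep an idle session alive.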