I’m seeing some behaviors I don’t understand related to the session timeout setting in Lucee Admin.
-
If I set it to 0 days, 0 hours, 0 minutes, and 10 seconds, I can wait at least 30 seconds, maybe even longer, and hit the same admin page again, without being asked to log in again. Why is that? I thought my session would expire after 10 secs, and I’d need to log in again. Is there some hidden minimum value? (Just to be clear, I only did this for testing some related code under development, it’s not practical for real life.)
-
With that same admin setting, getApplicationSettings().sessionTimeout comes back as 0.020833333333, which as I understand it is a timespan, i.e., a number of days, so that value * 24 * 60 is minutes === 30 minutes. Why doesn’t that line up with what I see in Lucee Admin?
-
It doesn’t appear that sessions actually time out in the 30 minutes that indicates either. It’s significantly shorter than that, though longer than the 10 secs set in admin, as noted above. I didn’t try to nail down exactly how long it actually is, didn’t see the point, would rather understand.
Am I thinking about this completely wrong? It seems pretty basic, but something’s clearly not right, either in Lucee or my understanding. This is Lucee 4.5.5.006, if that matters.