Could I change session timeout to 24 hours for all applications?

Reply
Highlighted
L4 Transporter

Could I change session timeout to 24 hours for all applications?

Hello,

 

I have two questions.

First, Could I change session timeout to 24 hours for all applications?

Each applicaitons have each different session timeout value.

My customer would like to change session timeout of all applications to 24 hours.

Do you knew way better easy?

 

Second,

I knew there are two way for changing session timeout.

The one is global session timeout and another is application session timeout.

For example, Oracle session timeout is 4 hours.

If I changed global time timeout to 24 hours and do not changed oracle session timeout.

Is oracle session timeout 4 hours? Is it right?

I knew applications session timeout time our are submmited  faster more than global session timeout. 

 

Thanks,

KC Lee

Highlighted
L4 Transporter

Re: Could I change session timeout to 24 hours for all applications?

only applications using the default timeout will be impacted by the globla timer changes. others have to be changed manually, one by one

Highlighted
L2 Linker

Re: Could I change session timeout to 24 hours for all applications?

Try this

set shared override application oracle tcp-timeout 86400

Works for me to avoid DB sessions dieing. Postges in my case

L7 Applicator

Re: Could I change session timeout to 24 hours for all applications?

Doing this will likely cause issues with the firewall's session table utilization. What would be the goal of doing that?

 

Applications you don't want to do this to:

dns - a DNS session generally lasts a few seconds, and there are LOTS of them. You'll rapidly fill your session table like this.

web-browsing - A typical web browsing session is terminated by the server as soon as the content is finished being delivered. Since it is probably among the most common app types, you'll fill the session table as above.

 

You can certainly change some apps that you're having trouble with the firewall ending after idle, but doing it globally would be way too aggressive.

 

-Greg

Highlighted
Cyber Elite

Re: Could I change session timeout to 24 hours for all applications?

I agree with Greg on this one.

 

I'd highly suggest to your customer to NOT set a timer globally so high.  I'm sure impact would depend on the platform and amount of traffic, but the resource impact would probably be significant.

 

Timeouts are based upon IETF standards and application requirements.  Deviations of these standards should be based upon specific needs.

 

Just because 5 applications out of 2,400+ need a non-standard timer doesn't mean you change the entire design of the box.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!