none
Session Management in SharePoint 2013

    Question

  • Hi,

    I want to implement Session Management for SharePoint 2013 web application. I'm facing two issues :-

    1) When we tried logging out of the application and tried to access the page again the session still persist and the page is accessible without asking any kind of authentication. How to manage this ?

    2) How to configure the session timeout i.e. even after few hours of inactivity the session was still accessible. ?


    Vipul Jain

    Monday, December 02, 2013 8:28 PM

Answers

  • The only way for that to happen is to remove the site from the Intranet zone or disable passing through credentials in the Intranet Zone.

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Sunday, December 08, 2013 5:11 PM
    Moderator

All replies

  • What type of authentication are you using?

    1) Will be correct for Windows auth (NTLM or Kerberos), especially if the site resides in the Intranet Zone (automatic pass thru of credentials). For FBA, you'll have to kill the session cookie and close the browser.

    2) Let us know what type of authentication you're using and if this is Classic or Claims. For Claims see http://blogs.technet.com/b/speschka/archive/2010/08/09/setting-the-login-token-expiration-correctly-for-sharepoint-2010-saml-claims-users.aspx.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, December 02, 2013 8:33 PM
    Moderator
  • Hi,

    We are using Claims based Windows Authentication. FBA is not used. We tried the blog/link which you mentioned for Claims-based application , but its not working :(


    Vipul Jain

    Tuesday, December 03, 2013 8:23 AM
  • We tried the blog/link which you mentioned for Claims-based application , but its not working :(


    I've just read the blog, the link is working.
    Tuesday, December 03, 2013 8:29 AM
  • Hi Roche,

    I meant by "the link is not working" is that link is opening but we tried implementing whatever is given in the blog  ,its not working :(.. Hopefully  ,I'm clear in what I want to say !!!


    Vipul Jain

    Tuesday, December 03, 2013 8:36 AM
  • Hi,

    We are using Claims based Windows Authentication. FBA is not used. We tried the blog/link which you mentioned for Claims-based application , but its not working :(


    Vipul Jain

    So what you're probably seeing is normal behavior. Site is in the Intranet Zone and automatically passes the user's credentials to SharePoint, thus allowing a "seamless" login.

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, December 03, 2013 3:22 PM
    Moderator
  • Hi,

    Yes we are using it in intranet zone  ,at the same time for internet users using DNS mapping. The behavior should be such that when user logs out from a session and open the same url in another window/tab of the same browser, it should ask for user credentials ?? 


    Vipul Jain

    Sunday, December 08, 2013 2:59 PM
  • The only way for that to happen is to remove the site from the Intranet zone or disable passing through credentials in the Intranet Zone.

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Sunday, December 08, 2013 5:11 PM
    Moderator