A client of ours has some very strict IT security rules for vendor systems that will contain sensitive data. One such rule is that a user may not be logged in for more than 10 hours without re-authenticating, regardless of activity.
I believe this is different from session-timeout in web.xml which seems to deal with inactivity timeouts.
Can you please help me understand how I can meet this requirement, if possible?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.