Session Timeout

david-anderson · May 24, 2016, 12:10pm

I was just wondering how long the session timeout is if logging in with ‘stayLoggedIn’ is true on the SERVER SIDE of things. Ie how long can you call isValidLogin and the session still return true?

I’ve set my app (JS) up so that whenever it opens, I use Backendless.UserService.isValidLogin to check the current session id. If this returns false then I log the user out.

I don’t have a session timeout set in the User configuration part of the api config. (set to off)

The behaviour I want is that once the user is logged in they are logged in indefinitely.

Also, when making a REST request for login, can the password be hashed before it is sent?

I ask (2) as a solution to (1) if there is a timeout would be to cache the password however I wouldn’t want to cache an unhashed password.

anatolii-stepaniuk · May 25, 2016, 8:00am

Hi, David!

UserService.isValidLogin will return true when user-token is valid. user-token is valid for 30 days from the last request with this user-token.
So you can save the user-token on the client and use it for clients requests - that will renew the user-token for the next 30 days.