Two types of timeouts are defined:
- Login timeout
- Activity timeout
The Login timeout value defines how long a session can be alive without a logged-in user. The Login timeout could be helpful to mitigate Denial of Service attacks trying to overwhelm the server with a flood of unauthenticated requests. The Activity timeout value defines how long a session can be alive without any kind of activity. The Activity timeout is used to limit the amount of inactive session consuming server’s resources.