locked
HealthVault never expires RRS feed

  • Question

  •  Hi, everyone,

     

    I am working on a multiple records application right now, and I happened to find the HealthVault session will never expire. The symptom is: a user signed in HealthVault and returned back to our application, and then he waits there for at least 1 hour, the strange thing is after so long time, our application can still pull out his data from HealthVault, the session never expires. Is there some setting I must do to enforce the security and make sure the session will expire at specified time.

     

    Looking forward to hearing your feedback soon.

     

    Kane Wang

    Senior Application Developer

    Guide Productions (www.guideproductions.com)

     

    Wednesday, May 14, 2008 5:29 PM

Answers

  • The WCToken returned by HealthVault has an 1 day expiration by default but we could change that at any time if we see the need.  The .NET APIs use the WCPage_CookieTimeoutMinutes to decide when the browser cookie which stores the WCToken should expire.  This defaults to 20 minutes but can be configured in the web.config for you application to whatever you want.

     

    Jeff Jones

    Thursday, May 15, 2008 2:42 PM