3 Mar
1999
3 Mar
'99
8:20 a.m.
What you could do, is write your own UserFolder/User combo, that stores a last-access time on the User object, and checks for this every time a user is authenticated. If the difference is greater than, say 15 minutes, you force a reauthentication by raising a permission denied.
I tried playing with this once upon a time, but I found that the stupid browser still cached the original result and would continue to use it after the failed login/relogin combination. Most frustrating. Anthony