TsgcWebSocketHTTPServer › Properties › SessionTimeOut
Idle timeout, in milliseconds, after which an HTTP session is considered expired and eligible for removal.
public int SessionTimeOut { get; set; }0 (inherited Indy default)
Once SessionState is enabled, SessionTimeOut defines how long — in milliseconds — a session may stay idle before it is marked as invalid and eventually removed by the internal session-sweeping thread. A request that arrives with an id matching an expired session triggers OnInvalidSession so you can react (log the user out, issue a new session, etc.). Pick a timeout that balances security (short sessions) against user experience (long sessions).
oServer = new TsgcWebSocketHTTPServer();
oServer.SessionState = true;
oServer.SessionTimeOut = 600000; // 10 minutes
oServer.Active = true;