Is it possible to have separate session timeout values for frontend and backend? I want customers to have 2 hour sessions, but admins should only have 15 minutes sessions per PCI:
[quote]8.1.8 If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session.[/quote]
Does the SESSION_ALIVE_TIME variable in config.php control both frontend and backend?