To accommodate the increasing requirements for login security, ListManager has switched to a form-based login in order to enable true login sessions. The previous HTTP Authentication method provided no mechanism for truly logging out; the current version allows server administrators to set time-out periods which require users who have been idle for a sufficiently long time to sign-in again in order to re-authenticate. Additionally, users can be forced to re-authenticate when their sessions expire.
Session Logins Enabled
By default this is set to yes, which is the preferred setting. Selecting no causes ListManager to use "basic" authentication, which was the authentication used in version prior to 10.0.
Session Idle Timeout (minutes)
The amount of time you can go without clicking something in ListManager before your session times out, requiring you to log in again.
Session Max Lifetime (minutes)
The maximum length of a session, in minutes. This setting can prevent someone who "steals" your session cookie from having long-term access using that cookie; therefore, when choosing a maximum session length, your goal should be a time period that is comfortably long enough for you while not being so overly long that it diminishes security.
Session Login URL
The URL to the web page/form that processes your login. The default should be sufficient; however, you can change it if you want to customize the look and feel of the login page.
SSL Disabled Warning
If the server has SSL disabled, this is the message that is shown on the login screen as a warning to users that their login is not secure/protected.. This is optional; by default, there is no message.