User Session Timeout
The User Session Timeout feature allows you to define a maximum idle time, ensuring that sessions are automatically terminated after a period of inactivity. It also allows you to define a maximum session time to avoid sessions staying open indefinitely. This implementation increases the platform’s security, protecting sensitive user data and preventing unauthorized access due to prolonged sessions.
By using this feature, you’re able to:
- Configure a maximum idle time and session timeout to attend to compliance and security policies.
- Guarantee users’ sessions and data are protected.
Implementation
| Scope | Resource |
|---|---|
| Configure User Session Timeout | How to configure User Session Timeout |
Main configurations
A session timeout policy determines the maximum idle time for session termination and the maximum session time.
Go to Configuring User Session Timeout guideMaximum idle time
Maximum idle time refers to the period of inactivity after which a session is automatically terminated. It’s defined by any API call or interface interaction within a session; if the time since the last access meets or exceeds the configured idle time, the session the session will expire, and the user will be logged out.
If the idle time setting is updated, active sessions will automatically conform to the new policy. For instance, if the idle time is reduced, sessions created before the update must follow the new duration and may be terminated if needed.
The idle time must range between 1 minute and the configured maximum session time. The value must be in minutes.
By default, the maximum idle time allowed is 1440 minutes, equivalent to 1 day.
Session time
Maximum session time limits the total time a session can remain active, regardless of activity, ensuring sessions don’t stay open indefinitely.
If the maximum session time setting is updated, active sessions will automatically conform to the new policy. For instance, if the maximum session time is reduced, sessions created before the update must follow the new duration and may be terminated if needed.
The time for this setting should be between 5 minutes and 15 days. The default value is 21600, equivalent to 15 days in minutes. The value must be in minutes.
Contributors
