Best Practice 4_Security_TM: Limit UI Active Session Life Span

Tanushree Maiti
Giga Sage

 

Use the glide.guest.active.session.life_span property to control the duration of an active guest's HTTP sessions.

 

The glide.guest.active.session.life_span property enforces a maximum lifespan on active guest HTTP sessions, irrespective of their session inactivity or the amount of time a user is inactive before their session times out and closes. The configured value is in minutes. A value of zero will disable timing out the active sessions. A larger value could allow an attacker to remain in a stolen session for longer, increasing the possibility of a security incident. This property is limited to guest users, which have low privilege access to an instance.

 

If you check your PDI, the default value of the glide.guest.active.session.life_span property is 0.

Security risk details: Setting the maximum lifespan to a large value gives a bad actor more time within an instance in the event that they steal a session.

 

ServiceNow Recommendation:

To remediate this security vulnerability, set glide.guest.active.session.life_span to a value greater than 0 and less than or equal to 720.

Ref: Limit UI active session life span [New in Security Center 1.3] • Zurich Platform security • Docs | S...

 

#Article #Security #Best Practice #Architect  #ServiceNow Platform

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
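
Added example, not part of the original post and not ServiceNow's own code: a simplified JavaScript model contrasting an inactivity timeout with the absolute lifespan set by glide.guest.active.session.life_span, plus a check of a property value against the recommended range. The function names, the 30-minute inactivity timeout and the request timeline are assumptions constructed for illustration.

```javascript
// Simplified model for illustration; not ServiceNow platform code.
// All times are minutes since the guest session was created.
const MAX_RECOMMENDED = 720; // upper bound recommended in the post

// Classify a raw property value (system properties are read as strings).
function auditLifeSpan(raw) {
  const text = raw === null || raw === undefined ? '' : String(raw).trim();
  if (!/^-?\d+$/.test(text)) {
    return { compliant: false, reason: 'missing or not an integer' };
  }
  const minutes = Number(text);
  if (minutes === 0) {
    return { compliant: false, reason: 'active session lifespan limit disabled' };
  }
  if (minutes < 0 || minutes > MAX_RECOMMENDED) {
    return { compliant: false, reason: 'outside recommended range 1-720' };
  }
  return { compliant: true, reason: 'within recommended range 1-720' };
}

// Minute at which a session ends for a sorted list of request times.
// idleTimeout: hypothetical inactivity timeout (assumption, not from the post).
// lifeSpan: glide.guest.active.session.life_span value; 0 disables the cap.
function sessionEnd(requestTimes, idleTimeout, lifeSpan) {
  const cap = lifeSpan > 0 ? lifeSpan : Infinity;
  let last = 0;
  for (const t of requestTimes) {
    if (t - last > idleTimeout) break; // idle timeout fired before this request
    if (t >= cap) return cap;          // absolute lifespan reached while active
    last = t;
  }
  return Math.min(last + idleTimeout, cap);
}

// Constructed timeline: a request every 20 minutes for three days, so the
// inactivity timeout alone never fires while the session is in use.
const keepAlive = Array.from({ length: 216 }, (_, i) => (i + 1) * 20);

console.log(auditLifeSpan('0'), auditLifeSpan('720'));
console.log('no cap:', sessionEnd(keepAlive, 30, 0));     // 4350
console.log('720 cap:', sessionEnd(keepAlive, 30, 720));  // 720
```

On an instance, the raw value can be read in a server-side script with gs.getProperty('glide.guest.active.session.life_span') and passed to auditLifeSpan.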

GlideFather
Tera Patron

Hi @Tanushree Maiti,

 

Your post looks identical to the official Docs:

Screenshot 2026-02-21 at 20.17.26.png

Wouldn't it be fair to include a source when using content that was not written by you? What do you say?

 

_____
100 % GlideFather experience and 0 % generative AI

Hi @GlideFather 

Have I mentioned anywhere that it is my recommendation? It is clearly written that it's a ServiceNow Recommendation.

I forgot to add the ref. As per your concern, I have added the source link.

Thank you for going through the post and giving your 'valuable' comment! 😁

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin: