
Best Practice 4_Security_TM: Limit UI Active Session Life Span

Tanushree Maiti
Kilo Patron

 

Use the glide.guest.active.session.life_span property to control the duration of an active guest's HTTP sessions.

 

The glide.guest.active.session.life_span property enforces a maximum lifespan on active guest HTTP sessions, irrespective of their session inactivity or the amount of time a user is inactive before their session times out and closes. The configured value is in minutes. A value of zero will disable timing out the active sessions. A larger value could allow an attacker to remain in a stolen session for longer, increasing the possibility of a security incident. This property is limited to guest users, which have low privilege access to an instance.

 

If you check your PDI, the default value of the glide.guest.active.session.life_span property is 0.

 

Security risk details: Setting the maximum lifespan to a large value gives a bad actor more time within an instance in the event that they steal a session.

 

ServiceNow recommendation:

To remediate this security vulnerability, set glide.guest.active.session.life_span to a value greater than 0 and less than or equal to 720.

 

Ref: Limit UI active session life span [New in Security Center 1.3] • Zurich Platform security • Docs | S...

 

#Article #Security #Best Practice #Architect  #ServiceNow Platform

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
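Added example (not part of the original post or of ServiceNow's documentation): a small JavaScript helper that classifies a value of glide.guest.active.session.life_span against the recommendation above and models why a cap matters for a session that is kept active. The helper names, status labels, the 30-minute idle timeout and the request pattern are constructed assumptions, and the expiry model is a simplification.

```javascript
// Added example: audit helper for glide.guest.active.session.life_span.
// Helper names, status labels and sample numbers are constructed.
var PROPERTY = 'glide.guest.active.session.life_span';
var MAX_RECOMMENDED_MINUTES = 720; // upper bound from the recommendation above

// Classify the raw property value (properties are read as strings).
function classifyLifeSpan(raw) {
  var text = String(raw === null || raw === undefined ? '' : raw).trim();
  if (!/^\d+$/.test(text)) return { minutes: null, status: 'invalid' };
  var minutes = parseInt(text, 10);
  if (minutes === 0) return { minutes: 0, status: 'disabled' };
  if (minutes <= MAX_RECOMMENDED_MINUTES) return { minutes: minutes, status: 'compliant' };
  return { minutes: minutes, status: 'too_long' };
}

// Simplified model (assumption): the session starts at minute 0 and ends at
// whichever comes first, the idle timeout after the last request or the
// life span cap. A life span of 0 means no cap.
function sessionEndMinute(requestMinutes, idleTimeout, lifeSpan) {
  var cap = lifeSpan > 0 ? lifeSpan : Infinity;
  var last = 0;
  for (var i = 0; i < requestMinutes.length; i++) {
    var end = Math.min(last + idleTimeout, cap);
    if (requestMinutes[i] >= end) return end;
    last = requestMinutes[i];
  }
  return Math.min(last + idleTimeout, cap);
}

// Constructed traffic: one request every 20 minutes for 2000 minutes, which
// never trips a 30-minute idle timeout.
function steadyRequests() {
  var times = [];
  for (var t = 20; t <= 2000; t += 20) times.push(t);
  return times;
}

// On an instance the raw value would come from gs.getProperty(PROPERTY).
['0', '720', '1440', 'abc'].forEach(function (raw) {
  var result = classifyLifeSpan(raw);
  var end = result.minutes === null ? 'n/a'
    : sessionEndMinute(steadyRequests(), 30, result.minutes);
  console.log(PROPERTY + '=' + raw + ' -> ' + result.status + ', session ends at minute ' + end);
});
```

With the value at 0 the modelled session only ends once the requests stop, while a value of 720 ends it at minute 720 even though it never went idle.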
2 REPLIES

GlideFather
Tera Patron

Hi @Tanushree Maiti,

 

your post looks identical to the official Docs:

 

 


Wouldn't it be fair to include a source when using content that was not written by you? What do you say?

 

_____
Answers generated by GlideFather. Check for accuracy.

Hi @GlideFather 

Have I mentioned anywhere that it is my recommendation? It is clearly written that it's a ServiceNow recommendation.

I forgot to add the ref. As per your concern, I added the source link.

Thank you for going through the post and giving your 'valuable' comment! 😁

 

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin: