Absolute session timeout (instance security hardening)
Use the glide.ui.user_cookie.max_life_span_in_days property to set a maximum life span for user cookies created when users log in with the Remember Me checkbox selected. When the cookie expires, users who have selected the Remember Me checkbox are forced to reauthenticate into the instance.
It enables the user cookie to be valid for the duration of specified days, starting when the cookie was first issued. The default value is 30 days, and the maximum cap is at 365 days.
Note:
To enforce a maximum session time for any active user sessions, see Configure a maximum active time for user sessions.
More information
| Attribute | Description |
|---|---|
| Property name | glide.ui.user_cookie.max_life_span_in_days |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | To force users who have selected the Remember Me checkbox to reauthenticate after specific days. |
| Functional Impact | This property enforces mandatory relogin by avoiding any sort of cookie rotation after a given timeframe. |
| Security risk | (Medium) The user cookies being active for an indefinite amount of time is a security risk and should expire on a time-based configuration. |
| References | Available system properties |
To learn more about adding or creating a system property, see Add a system property.