Limit guest's active session life span [New in Security Center 1.3]

Rversion finale: Australia

Mis à jour 12 mars 2026

1 minute de lecture

Use the glide.guest.active.session.life_span property to control the duration of an active guest’s HTTP sessions.

The glide.guest.active.session.life_span property enforces a maximum lifespan on active guest HTTP sessions, irrespective of their session inactivity or the amount of time a user is inactive before their session times out and closes.

The configured value is in minutes. A value of zero will disable timing out the active sessions. A larger value could allow an attacker to remain in a stolen session for longer, increasing the possibility of a security incident. This property is limited to guest users, which have low privilege access to an instance.

To remediate this security vulnerability, set glide.guest.active.session.life_span to a value greater than 0 and less than or equal to 720.

More information


Attribute	Description
Configuration name	glide.guest.active.session.life_span
Configuration type	System Properties (/sys_properties_list.do)
Data type	integer
Recommended value	1-720 (minutes)
Default value	0
Category	Session management
Security risk	Severity score: 4.2 CVSS score: Medium Security risk details: Setting the maximum lifespan to a large value gives a bad actor more time within an instance in the event that they steal a session.
Dependencies and prerequisites	None
Functional impact	This configuration enforces max life-span on active guest HTTP sessions irrespective of inactive timeout. The configured value is in minutes. A value of zero will disable timing out the active sessions. The max life-span should be more than the inactive timeout glide.ui.session_timeout (default 30 minutes).