Limit UI active session life span [New in Security Center 1.3]
The glide.ui.active.session.life_span property enforces max lifespan on active authenticated HTTP sessions irrespective of inactive timeout.
Reduce the scope of potential security incidents by decreasing the lifespan of active HTTP sessions. The glide.ui.active.session.life_span system property enforces a maximum lifespan on active HTTP sessions irrespective of inactive timeout. Longer maximum lifespans can allow an attacker to use a stolen session for a longer time, increasing the scope of a security incident. The default value of 0 disables timeout of active sessions
Set the glide.ui.active.session.life_span to a value between 1 and 720. This value represents the time in minutes that HTTP sessions can remain active.
Remarque :
The glide.ui.active.session.life_span is limited to UI session timeout.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.ui.active.session.life_span |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | integer |
| Recommended value | 1-720 |
| Default value | 0 |
| Category | Session management |
| Security risk |
|
| Dependencies and prerequisites | None |
| Functional impact | Enforces max life-span on active authenticated HTTP sessions irrespective of inactive timeout. The configured value is in minutes. A value of zero will disable timing out the active sessions. The max life-span should be more than inactive timeout glide.ui.session_timeout (default 30 minutes). |