Proactively Invalidate Sessions After Defined Durations

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • The glide.active.session.timeout.invalidate.session property controls whether a timeout session is proactively invalidated before the Tomcat server.

    When glide.active.session.timeout.invalidate.session isn't set to true, there’s a small interval of time where a timed-out session isn’t invalidated proactively before the Tomcat container invalidates the session. The duration of this time interval is dependent on additional properties representing differing use cases.

    Property Description
    glide.ui.active.session.life_span The value of this property defines the time, in minutes, before a UI session is invalidated.
    glide.guest.active.session.life_span The value of this property defines the time, in minutes, before a guest session is invalidated.
    glide.integrations.active.session.life_span The value of this property defines the time, in minutes, before an integrations session is invalidated.

    Ensure that the property glide.active.session.timeout.invalidate.session is set to true.

    More information

    Attribute Description
    Configuration name
    • glide.active.session.timeout.invalidate.session
    • glide.ui.active.session.life_span
    • glide.guest.active.session.life_span
    • glide.integrations.active.session.life_span
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value false
    Fallback value false
    Category Session management
    Security risk
    • Severity score: 4.6
    • CVSS score: Medium
    • Security risk details: If a session is hijacked, an attacker may be able to use a session during this small period.
    Dependencies and prerequisites None