Minimize absolute session timeout duration [Updated in Security Center 1.3]
Use the glide.ui.user_cookie.max_life_span_in_days property to set a maximum life span for user cookies created when users log in with the Remember Me checkbox selected. When the cookie expires, users who have selected the Remember Me checkbox are forced to reauthenticate into the instance.
It enables the user cookie to be valid for the duration of specified days, starting when the cookie was first issued. The default value is 30 days, and the maximum cap is at 365 days.
주:
To enforce a maximum session time for
any active user sessions, see Managing user sessions.
More information
| Attribute | Description |
|---|---|
| Property name | glide.ui.user_cookie.max_life_span_in_days |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Session management |
| Purpose | To force users who have selected the Remember Me checkbox to reauthenticate after specific days. |
| Recommended value | Less than or equal to 30 |
| Default value | 30 days |
| Functional impact | This property enforces mandatory relogin by avoiding any sort of cookie rotation after a given timeframe. |
| Security risk rating | 4.2 |
| Security risk | (Medium) The user cookies being active for an indefinite amount of time is a security risk and should expire on a time-based configuration. |
| References | Available system properties |
To learn more about adding or creating a system property, see Add a system property.