Minimize session activity timeout duration

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the glide.ui.session_timeout property to designate, in minutes, activity timeout value.

    The glide.ui.session_timeout system property determines the user session timeout, which determines how long a user session stays active. If glide.ui.session_timeout is not set to the recommended value of 60 minutes or less, then the session may stay valid for long even without activity. This could provide too large of a time window to enable session hijacking attacks.

    Ensure that the property glide.ui.session_timeout is set to 60 or less.

    More information

    Attribute Description
    Configuration name glide.ui.session_timeout
    Configuration type System Properties (/sys_properties_list.do)
    Data type Integer
    Recommended value 60 or less
    Default value <none>
    Fallback value 30
    Category Session management
    Security risk
    • Severity score: 7.5
    • CVSS rating: High
    • Security risk details: A long session timeout allows inactive sessions to remain valid for extended periods, increasing the chance that an attacker could hijack the session before it expires.
    Functional impact This remediation enforces timely expiration of user account. No functionality impact, however User experience is altered.
    Dependencies and prerequisites None

    To learn more about adding or creating a system property, see Add a system property.