KBEC-00218 - Improving security by shortening the browser session duration

Description

This article describes how to shorten a Flow web GUI user session.

Solutions

1. Use session cookies - this setting change will not survive a Flow upgrade.
   1. find the php.ini file in the installation directory
   2. set the session.cookie_lifetime to 0
   3. restart Apache
2. Change the server setting "Idle login session timeout." It controls the number of minutes before an idle user session is terminated. The default value is 4320 or 3 days. Dropping the setting to 60 is be less convenient for the user but adds some security.
3. It may be possible to hook the main page with a javascript window.onunload() call that logs off the user.