KBEC-00218 - Improving security by shortening the browser session duration

Description

This article describes how to shorten a Flow web GUI user session.

Solutions

  1. Use session cookies - this setting change will not survive a Flow upgrade.
    1. find the php.ini file in the installation directory
    2. set the session.cookie_lifetime to 0
    3. restart Apache
  2. Change the server setting "Idle login session timeout." It controls the number of minutes before an idle user session is terminated. The default value is 4320 or 3 days. Dropping the setting to 60 is be less convenient for the user but adds some security.
  3. It may be possible to hook the main page with a javascript window.onunload() call that logs off the user.
Have more questions? Submit a request

Comments

Powered by Zendesk