Skip to main content
Skip table of contents

Controlling session timeouts in the Portal

Overview

To prevent Cross-Site Request Forgery (CSRF), Portal sessions are time-limited and protected by secure tokens.

By default, a token remains valid for 8 hours. If you are inactive for more than 8 hours while in a Portal session, your next action in Portal redirects you to the login page.

By default, sessions are valid for 24 hours. After continuously using Portal for 24 hours, the session expires, and you must log in again to renew the session.

Setting token validity periods and session timeouts

Contact Nexthink Support to configure token validity periods and the maximum duration of sessions.

Long intervals make Portal vulnerable to CSRF attacks.

The following parameters control token validity and session durations:

Parameter

Default value

Description

globalconfig.portal.session.token-validity-period

8 h

Sets the value for the validity time of portal session tokens.

Minimum value: 5 minutes

globalconfig.login-server.token.validity_period

8 h

Sets the value for the validity time of tokens.

Minimum value: 5 minutes

globalconfig.portal.session.maximum-session-lifetime

24 h

Sets the value for the validity time of sessions.

The value can be expressed in minutes, for example: 1440 m

Overriding session timeouts

You can grant users a special privilege that keeps them logged in indefinitely. The configured session timeout value does not affect such users.

For more information, refer to the Setting personal data and profile section in the Users documentation.


RELATED TASK

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.