> For the complete documentation index, see [llms.txt](https://docs.nexthink.com/platform/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.nexthink.com/platform/security/controlling-session-timeouts-in-the-portal-classic.md).

# Controlling session timeouts (classic)

## Overview

To prevent Cross-Site Request Forgery (CSRF), Portal sessions are time-limited and protected by secure tokens.

By default, a token remains valid for 8 hours. If you are inactive for more than 8 hours while in a Portal session, your next action in Portal redirects you to the login page.

By default, sessions are valid for 24 hours. After continuously using Portal for 24 hours, the session expires, and you must log in again to renew the session.

## Setting token validity periods and session timeouts

Contact Nexthink Support to configure token validity periods and the maximum duration of sessions.

{% hint style="warning" %}
Long intervals make Portal vulnerable to CSRF attacks.
{% endhint %}

The following parameters control token validity and session durations:

| Parameter                                              | Default value | Description                                                                                                                            |
| ------------------------------------------------------ | ------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| `globalconfig.portal.session.token-validity-period`    | `8 h`         | <p>Sets the value for the validity time of portal session tokens.</p><p>Minimum value: 5 minutes</p>                                   |
| `globalconfig.login-server.token.validity_period`      | `8 h`         | <p>Sets the value for the validity time of tokens.</p><p>Minimum value: 5 minutes</p>                                                  |
| `globalconfig.portal.session.maximum-session-lifetime` | `24 h`        | <p>Sets the value for the validity time of sessions.</p><p>The value can be expressed in minutes, for example: <code>1440 m</code></p> |

## Overriding session timeouts

You can grant users a special privilege that keeps them logged in indefinitely. The configured session timeout value does not affect such users.

For more information, refer to the *Setting personal data and profile* section in the [Users](/platform/user-guide/administration/account-management/users-classic.md) documentation.

***

#### RELATED TASK

* [Users](/platform/user-guide/administration/account-management/users-classic.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.nexthink.com/platform/security/controlling-session-timeouts-in-the-portal-classic.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.