- What is the recommended session timeout?
- How long should a login session last?
- How do I check session timeout?
What is the recommended session timeout?
Typical session timeouts are 15- to 45-minute durations depending on the sensitivity of the data that may be exposed. As the session timeout is approaching, offer users a warning and give them an opportunity to stay logged in.
How long should a login session last?
It considers that longer idle time outs (15-30 minutes) are acceptable for low-risk applications. On the other hand, NIST recommends that application builders make their users re-authenticate every 12 hours and terminate sessions after 30 minutes of inactivity.
How do I check session timeout?
The Session Timeout setting is found on the Global Settings page, in the Security tab. This setting is used to control how long a user session can be inactive in their browser before they are automatically redirected to a pop-up Login window.