Is Max Web Session timeout an idle timeout, or fixed / absolute?
https://help.sumologic.com/docs/manage/security/set-max-web-session-timeout/
Is the Max Web Session timeout setting an idle timeout (terminate session after X minutes / hours / days of inactivity) or a hard / absolute / fixed timeout (terminate session after X minutes / hours / days regardless of activity)?
Mark
-
Official comment
Hi Mark
In Sumo Logic, the Max Web Session timeout setting is a hard / absolute / fixed timeout. This means that the session will be terminated after the specified number of minutes, regardless of activity. It does not take into account the user's activity or inactivity during the session. Once the time limit is reached, the user will be logged out of their session and will need to log in again to continue using Sumo Logic. Hope this helps.
Comment actions -
Hi Mark,
Actually, I must apologize for the confusion as I have doubled back on this question with the internal team to make sure my response was accurate. It seems that I was mistaken.
The "Max Web Session Timeout' is more of an idle timeout. An "activity" would count a query issued to the backend. So if a user is just browsing results for longer period and they reach timeout, they will be logged out while clicking in the interface. I have also spoken to my documents team to see if we can make it a bit more clearer going forward to avoid any further confusion.
Is there a specific 'use case' that you are looking to address, for example a monitor within an environment displaying dashboards to an operations team?
Very Respectfully
Stephen
-
Hi Stephen. We're just documenting session info for all our apps, idle vs. absolute timeouts, are the timeout configurable etc., as part of a policy review.
I seem to recall there is a longer term absolute timeout ... maybe 30 days? Actually maybe that's for MFA. A "remember this device for 30 days" thing.
Please sign in to leave a comment.
Comments
4 comments