Skip to main content
All CollectionsUser Guides
Security: Session Management
Security: Session Management

Set up session management rules to automatically terminate user sessions after a defined period, enhancing the security of your apps.

Sergio M avatar
Written by Sergio M
Updated over 2 months ago

By implementing session management rules, you can ensure that users are automatically logged out after a period of inactivity or when a predefined timeout is reached. This feature has several benefits, including:

  • Minimizing risk of unauthorized access.

  • Helping comply with data protection regulations.

  • Protecting user data.

  • Reducing the chances of session hijacking.

In this guide, we will explore how to configure session management rules, enabling you to maintain optimal security for your platform while ensuring a seamless user experience.

Requirements

1. Configuring session rules at the app level

Rules configured at the app level will affect the sessions of all the users that belong to that app, except for any individual user who has been assigned specific rules separately.

To configure session rules at the app level, follow these steps:

  1. Go to “apps”.

  2. Go to the settings of the app you want to edit.

  3. On the left-hand menu, click on "settings" and then on "security".

  4. Scroll down to the "session management" section.

  5. In the drop-down menu of the “expiration type” option, select the type of expiration that will be enforced. These are the expiration types available:

    • Session timeout: users are logged out after the specified time, which starts when the user logs in.

    • Inactivity timeout: users are logged out after a defined period of inactivity (no navigation or editing).

    • Session and Inactivity timeout: both options are applied simultaneously.

  6. Once a type of expiration is selected, the timeout field corresponding to the selected option will become active. Select a unit of time (either minutes, hours, days or months) and the number of those units to define the logic of the session rule.

  7. Click on the “save” button.

2. Configuring session rules at the user level

Session rules for specific users override app-level settings and apply exclusively to the chosen user.

To configure session rules at the user level, follow these steps:

  1. Go to “users” → “users”.

  2. Click on the user you want to define a session rule for.

  3. In the drop-down menu of the “expiration type” option, select the type of expiration that will be enforced. These are the expiration types available:

    • Session timeout: users are logged out once the specified time is reached. This time starts counting from the moment the user logs in.

    • Inactivity timeout: users who become inactive for the specified time are logged out. Not creating/editing things in the platform nor navigating through it is considered being inactive.

    • Session and Inactivity timeout: both options are applied simultaneously.

  4. Once a type of expiration is selected, the timeout field corresponding to the selected option will become active. Select a unit of time (either minutes, hours, days or months) and the number of those units to define the logic of the session rule.

  5. Click on the “send invitation” tab and then on the “save” button.

Did this answer your question?