When Authentication Tokens are not used, Web Sessions guard persistent authorized access to SavaPage.
For security reasons all sessions expire (timeout) after a certain period of inactivity. Each interaction with the Web App that results in a call to the SavaPage Web Server resets the inactivity timer. Closing the browser window will end the session. The default timeout periods for different login types are described in the table below:
| Login type | Default value |
|---|---|
|
Admin Web App |
1440 minutes (24 hours) |
|
User Web App |
60 minutes (1 hour) |
Table 14.1. Default Web Session Timeout Values
The timeout value (in minutes) can be changed using the configuration properties below. A value of 0 indicates that the session will never time out.
| Configuration property | Description |
|---|---|
|
web-login.admin.session-timeout-mins |
Inactivity timeout for the Admin Web App |
|
web-login.user.session-timeout-mins |
Inactivity timeout for the User Web App |
Table 14.2. Web Session Timeout Configuration Properties
See Section 4.10.14.10, “Config Editor” for information about changing configuration properties.
Changed inactivity timeout values take effect for new sessions. Note that some pages periodically refresh the page (or data on the page), such as the Dashboard. A session will not time out if a browser is left on these pages, as it will be considered active.