Home Orlando Now Platform Administration Now Platform administration User administration Manage user sessions

Manage user sessions

The Now Platform provides the ability to view and terminate individual user sessions, lock out users from the system, and make users inactive.

Terminating a specific user session effectively logs that user out of the next transaction, which is usually the next browser click. Use the terminate sessions feature when you want to perform system maintenance.
Locking a user out of the system means the user can no longer log in or generate any actions from any email messages that the user sends to the instance. Locking out users also terminates their user sessions.
Making a user inactive means that the user does not show up in any fields that reference active users on the User table.

Modify session timeout

The base system uses the default Apache session timeout of 30 minutes.

Before you begin

Role required: admin

About this task

After 30 minutes of inactivity in the application, the platform logs the user out automatically, unless the Remember Me check box in the login screen is selected. Making the interval longer can lead to the unnecessary maintenance of inactive sessions in memory. Adjust this timeout setting to no more than a few hours, although up to 24 hours is workable.

Note: Regardless of how many windows a user has open in a browser, it is considered to be one session. However, if a user has two separate browsers open (such as Internet Explorer and Firefox), it is considered to be two separate sessions.

Procedure

Clear the Remember Me check box in the login screen.
In the Navigator pane, enter sys_properties.list.
In System Properties, search for glide.ui.session_timeout.
If glide.ui.session_timeout does not exist, click New to add a new property using the following values:
- Name: glide.ui.session_timeout
- Description: Type a brief description. In this case, enter something like Override the default session timeout (30). This value is in minutes.
- Type: Select the appropriate data type. In this case, select Integer.
- Value: Change the default value from 30 minutes to a value of your choice.
Note: The session timeout can also be set through installation exit customizations.

What to do next

Ajax calls to the server keep the session alive (such as Labels and Refreshing homepages).
Polling keeps the session alive when the chat desktop is open (requires the Chat plugin).
Administrators can add the following properties to the System Properties table.
- glide.security.csrf.handle.ajax.timeout: Handles errors for timed out Ajax requests when set to true.
- glide.security.auto.resubmit.ajax: Automatically resubmits timed-out Ajax requests when set to true and the Remember Me check box is selected or automatically set. A popup appears to users asking them to continue.
- glide.ui.auto_req.extend.session: When set to true, the system automatically extends a user's session by the value the user selects for the homepage refresh time. If there is no homepage refresh time, the standard timeout value applies. Tablet and mobile devices do not support this property. When set to false, user sessions time out when the Remember me check box is clear. The timeout is based on whether there is a homepage refresh time. When there is no homepage refresh time, the standard timeout value applies. When there is a homepage refresh time, the user session times out after the timeout value plus one interval of the homepage refresh time. For example, if a user selects to refresh interval of five minutes, then user sessions expires after the timeout value plus five minutes.
  Note: Users who select the Remember me check box are unaffected by session timeout properties.
Administrators can also add the following properties to configure an alternate session timeout value for guest sessions. You can do this to conserve system resources:
- glide.session.unauthorized.timeout.enabled: If set to true, enables an alternate session timeout for unauthenticated, guest sessions. Guest sessions are created for HTTP requests to the instance that do not contain authentication information. By default this property is set to true.
- glide.unauthorized.session_timeout: The session timeout value in minutes that controls the lifespan of an unauthenticated (unauthenticated) guest session. Set the property to a value greater than 0 and less than the value in the glide.ui.session_timeout property.

Lock out a user

Lock out a user when you do not want the user to access the instance.

Before you begin

Role required: user_admin or admin

Procedure

Navigate to User Administration > Users and select the user from the list.
Select the Locked Out check box, and update the record.

Mark a user inactive

You can mark a user inactive so the user does not show up in any fields that reference active users on the User table.

About this task

Note: By default, when you mark a user inactive, you lock out that user. The Lock Out Inactive Users business rule governs this behavior.

Procedure

Navigate to User Administration > Users and select the user from the list.
Clear the Active check box, and update the record.

Terminate a specific user session

You can terminate a user session, for example, if you are going to perform system maintenance and users are still logged in.

Navigate to User Administration > Logged in users.
You can only see users who are logged into the same application node as you. If the Active field on a user record value is false, the user is logged in but not currently running a transaction. Most users appear as inactive at any given time.
Select the session you want to end.
Click Lock Out Session.
The session is terminated, and the user is redirected to the login page at the next attempted transaction. The user is not locked out. Multiple user sessions may be associated with one user. Terminating a user session only affects the specific session.

Previous topic

Next topic

Release version

Manage user sessions

The Now Platform provides the ability to view and terminate individual user sessions, lock out users from the system, and make users inactive.

Terminating a specific user session effectively logs that user out of the next transaction, which is usually the next browser click. Use the terminate sessions feature when you want to perform system maintenance.
Locking a user out of the system means the user can no longer log in or generate any actions from any email messages that the user sends to the instance. Locking out users also terminates their user sessions.
Making a user inactive means that the user does not show up in any fields that reference active users on the User table.

Modify session timeout

The base system uses the default Apache session timeout of 30 minutes.

Before you begin

Role required: admin

About this task

Procedure

Clear the Remember Me check box in the login screen.
In the Navigator pane, enter sys_properties.list.
In System Properties, search for glide.ui.session_timeout.
If glide.ui.session_timeout does not exist, click New to add a new property using the following values:
- Name: glide.ui.session_timeout
- Description: Type a brief description. In this case, enter something like Override the default session timeout (30). This value is in minutes.
- Type: Select the appropriate data type. In this case, select Integer.
- Value: Change the default value from 30 minutes to a value of your choice.
Note: The session timeout can also be set through installation exit customizations.

What to do next

Ajax calls to the server keep the session alive (such as Labels and Refreshing homepages).
Polling keeps the session alive when the chat desktop is open (requires the Chat plugin).
Administrators can add the following properties to the System Properties table.
- glide.security.csrf.handle.ajax.timeout: Handles errors for timed out Ajax requests when set to true.
- glide.security.auto.resubmit.ajax: Automatically resubmits timed-out Ajax requests when set to true and the Remember Me check box is selected or automatically set. A popup appears to users asking them to continue.
- glide.ui.auto_req.extend.session: When set to true, the system automatically extends a user's session by the value the user selects for the homepage refresh time. If there is no homepage refresh time, the standard timeout value applies. Tablet and mobile devices do not support this property. When set to false, user sessions time out when the Remember me check box is clear. The timeout is based on whether there is a homepage refresh time. When there is no homepage refresh time, the standard timeout value applies. When there is a homepage refresh time, the user session times out after the timeout value plus one interval of the homepage refresh time. For example, if a user selects to refresh interval of five minutes, then user sessions expires after the timeout value plus five minutes.
  Note: Users who select the Remember me check box are unaffected by session timeout properties.
Administrators can also add the following properties to configure an alternate session timeout value for guest sessions. You can do this to conserve system resources:
- glide.session.unauthorized.timeout.enabled: If set to true, enables an alternate session timeout for unauthenticated, guest sessions. Guest sessions are created for HTTP requests to the instance that do not contain authentication information. By default this property is set to true.
- glide.unauthorized.session_timeout: The session timeout value in minutes that controls the lifespan of an unauthenticated (unauthenticated) guest session. Set the property to a value greater than 0 and less than the value in the glide.ui.session_timeout property.

Lock out a user

Lock out a user when you do not want the user to access the instance.

Before you begin

Role required: user_admin or admin

Procedure

Navigate to User Administration > Users and select the user from the list.
Select the Locked Out check box, and update the record.

Mark a user inactive

You can mark a user inactive so the user does not show up in any fields that reference active users on the User table.

About this task

Note: By default, when you mark a user inactive, you lock out that user. The Lock Out Inactive Users business rule governs this behavior.

Procedure

Navigate to User Administration > Users and select the user from the list.
Clear the Active check box, and update the record.

Terminate a specific user session

You can terminate a user session, for example, if you are going to perform system maintenance and users are still logged in.

Navigate to User Administration > Logged in users.
You can only see users who are logged into the same application node as you. If the Active field on a user record value is false, the user is logged in but not currently running a transaction. Most users appear as inactive at any given time.
Select the session you want to end.
Click Lock Out Session.
The session is terminated, and the user is redirected to the login page at the next attempted transaction. The user is not locked out. Multiple user sessions may be associated with one user. Terminating a user session only affects the specific session.

How search works:

Topics are ranked in search results by how closely they match your search terms

Manage user sessions

Manage user sessions

Modify session timeout

Lock out a user

Mark a user inactive

Terminate a specific user session

On this page

Manage user sessions

Manage user sessions

Modify session timeout

Lock out a user

Mark a user inactive

Terminate a specific user session

Log in to personalize your search results and subscribe to topics