Use the glide.guest.active.session.life_span property to control the duration of an active guest’s HTTP sessions.

The glide.guest.active.session.life_span property enforces a maximum lifespan on active guest HTTP sessions, irrespective of their session inactivity or the amount of time a user is inactive before their session times out and closes. The configured value is in minutes. A value of zero will disable timing out the active sessions. A larger value could allow an attacker to remain in a stolen session for longer, increasing the possibility of a security incident. This property is limited to guest users, which have low privilege access to an instance.

To remediate this security vulnerability, set glide.guest.active.session.life_span to a value greater than 0 and less than or equal to 720.

More information