Controlling session timeouts in the Portal
Overview
To prevent Cross-Site Request Forgery (CSRF), sessions in the Portal are time-limited and protected by secure tokens.
By default, a token remains valid for 8 hours. If you are inactive for more than 8 hours while in a Portal session, your next action in the Portal will redirect you to the login page.
In turn, a session is valid for 24 hours by default. After continuously using the Portal for 24 hours without interruption, the session expires and you are forced to log in again to renew the session.
Setting the value of session timeouts
The validity time for both tokens and sessions is configurable. Remember that the longer the interval, the more vulnerable the Portal is to CSRF attacks.
Log in to the CLI of the Portal appliance.
Optional: If the Portal has no configuration file yet, that is, if portal.conf does not exist in the folder /var/nexthink/portal/conf, create it by copying the defaults from the sample configuration file:
sudo -u nxportal cp /var/nexthink/portal/conf/portal.conf.sample \
/var/nexthink/portal/conf/portal.conf
Edit the Portal configuration file:
sudo vi /var/nexthink/portal/conf/portal.conf
Type in the following line to set the value for the validity time of portal session tokens (minimum value is 2 minutes). Use the suffix h to specify the time interval in hours and m to express it in minutes. For example, to set the period to its default value of 8 hours:
globalconfig.portal.session.token-validity-period = 8 h
Type in the following line to set the value for the validity time of login server tokens (minimum value is 2 minutes). Use the suffix h to specify the time interval in hours and m to express it in minutes. For example, to set the period to its default value of 8 hours:
globalconfig.login-server.token.validity_period = 8 h
Type in the following line to set the value for the validity time of sessions. For example, to set the period to its default value of 24 hours:
globalconfig.portal.session.maximum-session-lifetime = 24 h
Optional: Express it in minutes:
globalconfig.portal.session.maximum-session-lifetime = 1440 m
Save your changes and exit:
:wq
Restart the Portal to apply your settings:
sudo systemctl restart nxportal
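A check for the three keys set in the steps above, written as an added example (not part of the original page or of the Portal itself). The key names, the defaults and the 2-minute token minimum come from the page; the function names, the value grammar (whole number plus h or m) and the policy of warning on anything above the default are assumptions.

```shell
#!/bin/sh
# Added example: audit session timeout keys in a Portal configuration file.
# From the page: defaults of 8 h (tokens) and 24 h (sessions), 2-minute token minimum.
# Assumptions: values are whole numbers with an h or m suffix; the last assignment
# wins; anything longer than the default is reported as a warning.

# Convert "<n> h" or "<n> m" to minutes; fail on any other form.
to_minutes() {
    set -- $(printf '%s' "$1" | tr -d ' \t' |
        sed -n 's/^0*\([0-9][0-9]*\)\([hm]\)$/\1 \2/p')
    [ $# -eq 2 ] || return 1
    case $2 in
        h) echo $(( $1 * 60 )) ;;
        m) echo "$1" ;;
    esac
}

# Print the value assigned to key $1 in file $2, ignoring commented-out lines.
conf_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key_re[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Audit file $1: print one line per key, return 1 if any ERROR or WARN was raised.
audit_conf() {
    conf=$1 rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    for spec in \
        "globalconfig.portal.session.token-validity-period 480 2" \
        "globalconfig.login-server.token.validity_period 480 2" \
        "globalconfig.portal.session.maximum-session-lifetime 1440 0"
    do
        set -- $spec   # key, default in minutes, minimum in minutes (0 = none stated)
        raw=$(conf_value "$1" "$conf")
        if [ -z "$raw" ]; then
            echo "OK    $1 not set, default of $2 m applies"
        elif ! mins=$(to_minutes "$raw"); then
            echo "ERROR $1: cannot parse '$raw' (expected a form like '8 h' or '480 m')"; rc=1
        elif [ "$mins" -lt "$3" ]; then
            echo "ERROR $1: $mins m is below the $3 m minimum"; rc=1
        elif [ "$mins" -gt "$2" ]; then
            echo "WARN  $1: $mins m exceeds the $2 m default, widening the CSRF window"; rc=1
        else
            echo "OK    $1 = $mins m"
        fi
    done
    return $rc
}

# Usage: sh audit_portal_conf.sh /var/nexthink/portal/conf/portal.conf
if [ -n "${1:-}" ]; then audit_conf "$1"; fi
```

Running it against portal.conf before the restart catches a malformed or below-minimum value while the previous settings are still in effect.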
Overriding session timeouts
Note that, when creating a user, the user may be granted the privilege of never being timed out. In that case, the values configured for session timeouts do not apply to that user.