KBEC-00218 - Improving security by shortening the browser session duration


This article describes how to shorten a CloudBees CD (CloudBees Flow) web GUI user session.


  1. Use session cookies - this setting change will not survive a CloudBees CD (CloudBees Flow) upgrade.
    1. find the php.ini file in the installation directory
    2. set the session.cookie_lifetime to 0
    3. restart Apache
  2. Change the server setting “Idle login session timeout.” It controls the number of minutes before an idle user session is terminated. The default value is 4320 or 3 days. Dropping the setting to 60 is be less convenient for the user but adds some security.
  3. It may be possible to hook the main page with a javascript window.onunload() call that logs off the user.

Have more questions?


Please sign in to leave a comment.