KBEC-00218 - Improving security by shortening the browser session duration

Description

This article describes how to shorten a CloudBees CD (CloudBees Flow) web GUI user session.

Solutions

  1. Use session cookies - this setting change will not survive a CloudBees CD (CloudBees Flow) upgrade.
    1. find the php.ini file in the installation directory
    2. set the session.cookie_lifetime to 0
    3. restart Apache
  2. Change the server setting “Idle login session timeout.” It controls the number of minutes before an idle user session is terminated. The default value is 4320 or 3 days. Dropping the setting to 60 is be less convenient for the user but adds some security.
  3. It may be possible to hook the main page with a javascript window.onunload() call that logs off the user.
Was this article helpful?
0 out of 0 found this helpful

Have more questions?

0 Comments

Please sign in to leave a comment.