KBEC-00218 - Improving security by shortening the browser session duration

Article ID:360033192391
1 minute readKnowledge base


This article describes how to shorten a CloudBees CD (CloudBees Flow) web GUI user session.


  1. Use session cookies - this setting change will not survive a CloudBees CD (CloudBees Flow) upgrade.

    1. find the php.ini file in the installation directory

    2. set the session.cookie_lifetime to 0

    3. restart Apache

  2. Change the server setting "Idle login session timeout." It controls the number of minutes before an idle user session is terminated. The default value is 4320 or 3 days. Dropping the setting to 60 is be less convenient for the user but adds some security.

  3. It may be possible to hook the main page with a javascript window.onunload() call that logs off the user.