KBEC-00218 - Improving security by shortening the browser session duration

Article ID: 360033192391

Description

This article describes how to shorten a CloudBees CD (CloudBees Flow) web GUI user session.

Solutions

  1. Use session cookies. This setting change will not survive a CloudBees CD (CloudBees Flow) upgrade.

    1. Find the php.ini file in the installation directory.

    2. Set session.cookie_lifetime to 0, so that the cookie lasts only until the browser is closed.

    3. Restart Apache.

  2. Change the server setting "Idle login session timeout." It controls the number of minutes before an idle user session is terminated. The default value is 4320 minutes (3 days). Dropping the setting to 60 is less convenient for the user but adds some security.

  3. It may be possible to hook the main page with a JavaScript window.onunload handler that logs off the user.
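
To confirm that solution 1 took effect, the check below (an added example, not CloudBees code) reads the effective session.cookie_lifetime from php.ini text and tests whether a Set-Cookie header describes a browser-session cookie, meaning it carries no Expires or Max-Age attribute. The php.ini excerpt, the cookie name and the header values are constructed samples.

```python
import re

# Constructed php.ini excerpt; the real file lives in the product's
# installation directory (path not assumed here).
SAMPLE_PHP_INI = """\
[Session]
; session.cookie_lifetime = 86400
session.cookie_lifetime = 259200
session.cookie_httponly = 1
session.cookie_lifetime = 0   ; last uncommented assignment wins
"""

# Constructed response headers; cookie name and values are placeholders.
SAMPLE_HEADERS = [
    "Set-Cookie: sessionId=abc123; path=/; HttpOnly",
    "Set-Cookie: sessionId=abc123; expires=Thu, 01 Jan 2026 00:00:00 GMT; "
    "Max-Age=259200; path=/",
]

DIRECTIVE = re.compile(
    r'^\s*session\.cookie_lifetime\s*=\s*"?(-?\d+)"?\s*(?:;.*)?$'
)


def effective_cookie_lifetime(ini_text):
    """Return the last uncommented session.cookie_lifetime, or None if unset.

    Lines starting with ';' are comments and never match. None means PHP
    falls back to its built-in default of 0.
    """
    value = None
    for line in ini_text.splitlines():
        match = DIRECTIVE.match(line)
        if match:
            value = int(match.group(1))
    return value


def is_session_cookie(header):
    """True when a Set-Cookie header has neither Expires nor Max-Age."""
    if header.lower().startswith("set-cookie:"):
        header = header[len("set-cookie:"):]
    # Skip the leading name=value pair; compare attribute names only.
    names = [p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]]
    return "expires" not in names and "max-age" not in names


if __name__ == "__main__":
    print("effective session.cookie_lifetime:", effective_cookie_lifetime(SAMPLE_PHP_INI))
    for h in SAMPLE_HEADERS:
        print("session cookie" if is_session_cookie(h) else "PERSISTENT", "<-", h)
```

After restarting Apache, run the same header check against the Set-Cookie line the login page actually returns.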

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.