Setting the idle session timeout
You can adjust the idle session timeout for IBM® Cloud Pak for Data in accordance with your security and compliance requirements. If a user leaves their session idle in a web browser for the specified length of time, the user is automatically logged out of the web client.
Before you begin
- Required permissions: To complete this task, you must have one of the following roles:
  - Red Hat® OpenShift® cluster administrator
  - Red Hat OpenShift project administrator on the project where Cloud Pak for Data is installed
About this task
You can edit the product-configmap to adjust:
- The length of time until a user's session expires (TOKEN_EXPIRY_TIME). The default is 12 hours.
  If you set TOKEN_EXPIRY_TIME: "1", a user's session will expire after 1 hour of inactivity. If you set TOKEN_EXPIRY_TIME: "0.5", a user's session will expire after 30 minutes of inactivity. When the user leaves their session idle for the specified length of time, the user is automatically logged out of the web client.
  It is recommended that you set the value between 0.1 and 1.
- The length of time that a user has to refresh their session (TOKEN_REFRESH_PERIOD). The default is 12 hours.
  If you set TOKEN_REFRESH_PERIOD: "1" and the user's session does not expire, the user's session is automatically refreshed during this 60 minute period. The session is extended based on the value that is set for the TOKEN_EXPIRY_TIME parameter. However, after the token refresh period passes, the user must log back into the web client when their current session expires.
  It is recommended that you set the value between 1 and 24.
  If you don't want to allow users to extend their sessions, set the value of the TOKEN_REFRESH_PERIOD parameter to a value less than the value of the TOKEN_EXPIRY_TIME parameter.
For example, as an administrator, you configure:
TOKEN_EXPIRY_TIME: "0.5"
TOKEN_REFRESH_PERIOD: "2"
- If the user stops using the web client at 8:10 and does not attempt to use the web client again until 8:41, the user must re-authenticate to the web client because their session expired.
- If the user remains active in their session and their token refreshes at 9:59 AM, their session will last until 10:29 AM. However, when the session expires at 10:29, the user must re-authenticate to the web client because the token refresh period expired.
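The two scenarios above can be checked against a small model of the settings. This is an added example, not IBM code: the function names, the 8:00 AM login time, and the rule that each user action inside the refresh period restarts the idle timer are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Values from the page's example, in hours, as set in product-configmap.
CONFIG = {"TOKEN_EXPIRY_TIME": "0.5", "TOKEN_REFRESH_PERIOD": "2"}


def check_settings(config):
    """Return warnings for values outside the ranges the page recommends."""
    expiry = float(config["TOKEN_EXPIRY_TIME"])
    refresh = float(config["TOKEN_REFRESH_PERIOD"])
    warnings = []
    if not 0.1 <= expiry <= 1:
        warnings.append("TOKEN_EXPIRY_TIME is outside the recommended 0.1-1 hours")
    if not 1 <= refresh <= 24:
        warnings.append("TOKEN_REFRESH_PERIOD is outside the recommended 1-24 hours")
    if refresh < expiry:
        warnings.append("TOKEN_REFRESH_PERIOD < TOKEN_EXPIRY_TIME: sessions cannot be extended")
    return warnings


def session_end(config, login, activity):
    """Return the time at which the user must re-authenticate.

    Simplified model (an assumption, not the product's implementation): each
    user action inside the refresh period restarts the idle timer; actions
    after the session expired or after the refresh period do not extend it.
    """
    expiry = timedelta(hours=float(config["TOKEN_EXPIRY_TIME"]))
    refresh = timedelta(hours=float(config["TOKEN_REFRESH_PERIOD"]))
    expires_at = login + expiry
    if refresh < expiry:  # per the page, this setting disables extension
        return expires_at
    for t in sorted(activity):
        if t >= expires_at or t >= login + refresh:
            break
        expires_at = t + expiry
    return expires_at


if __name__ == "__main__":
    login = datetime(2024, 1, 1, 8, 0)  # constructed login time (assumption)
    # Constructed activity: active 8:00-8:10, then back at 8:41.
    idle = [login + timedelta(minutes=m) for m in list(range(11)) + [41]]
    # Constructed activity: one action per minute from 8:00 to 10:30.
    busy = [login + timedelta(minutes=m) for m in range(151)]
    print(check_settings(CONFIG))
    print(session_end(CONFIG, login, idle))  # idle user
    print(session_end(CONFIG, login, busy))  # continuously active user
```

Running `check_settings` on the default values (12 and 12) reports that `TOKEN_EXPIRY_TIME` is above the recommended range, which is the case the page's recommendation is meant to catch.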