Absolute session timeout and idle session timeout
Absolute session timeout is a recommended security feature, while idle session timeout is mainly a resource management feature.
Absolute session timeout requires all Spotfire users to log in to the program again after the configured amount of time. This is true whether a user has been working in Spotfire the entire time, has left the computer unattended, or has shut the computer down. The data associated with the session remains available to the user so that they can log back in (on the same computer or a different computer) and continue working. The absolute session timeout default is 1,440 minutes (24 hours).
Because the login page makes no background requests, when an absolute session timeout occurs, the session data is eventually destroyed when the idle session timeout is reached. This assumes that the user is not immediately logged back in again because they previously selected the Keep me logged in check box.
Both idle session timeout and absolute session timeout are set in the configuration.xml file. Therefore, in a clustered implementation the setting applies to all the resources in the cluster.
These timeout properties can be configured either in the Spotfire configuration tool or on the command line.
- Setting idle session timeout and absolute session timeout by using the configuration tool
Both session timeout values can be adjusted in the Security section of the TIBCO Spotfire® Server configuration tool. - Setting idle session timeout by using the command line
The primary function of the idle session timeout is to release the resources that are associated with a user session when the computer is inactive for the configured amount of time. The default is 30 minutes. - Setting absolute session timeout by using the command line
The absolute session timeout indicates the number of minutes after which a user must log in to Spotfire again. The default is 1,440 minutes (24 hours). - Setting web client idle time behavior by using the command line
In administrator apps (e.g., Monitor & Diagnostics, Nodes & Services, etc.) user inactivity is detected individually for each opened browser window and users will be redirected to another page at the end of the configured idle session timeout. A dialog is by default displayed to inform the user about the inactivity, but you can configure the behavior in different ways.
- Setting idle session timeout and absolute session timeout by using the configuration tool
Both session timeout values can be adjusted in the Security section of the TIBCO Spotfire® Server configuration tool. - Setting idle session timeout by using the command line
The primary function of the idle session timeout is to release the resources that are associated with a user session when the computer is inactive for the configured amount of time. The default is 30 minutes. - Setting absolute session timeout by using the command line
The absolute session timeout indicates the number of minutes after which a user must log in to Spotfire again. The default is 1,440 minutes (24 hours). - Setting web client idle time behavior by using the command line
In administrator apps (e.g., Monitor & Diagnostics, Nodes & Services, etc.) user inactivity is detected individually for each opened browser window and users will be redirected to another page at the end of the configured idle session timeout. A dialog is by default displayed to inform the user about the inactivity, but you can configure the behavior in different ways.