Absolute session timeout and idle session timeout
Absolute session timeout is a recommended security feature, while idle session timeout is mainly a resource management feature.
Absolute session timeout requires all Spotfire users to log in to the program again after the configured amount of time. This is true whether a user has been working in Spotfire the entire time, has left the computer unattended, or has shut the computer down. The data associated with the session remains available to the user so that they can log back in (on the same computer or a different computer) and continue working. The absolute session timeout default is 1,440 minutes (24 hours).
Because the login page makes no background requests, when an absolute session timeout occurs, the session data is eventually destroyed when the idle session timeout is reached. This assumes that the user is not immediately logged back in again because they previously selected the Keep me logged in check box.
Both idle session timeout and absolute session timeout are set in the configuration.xml file. Therefore, in a clustered implementation the setting applies to all the resources in the cluster.
These timeout properties can be configured either in the Spotfire configuration tool or on the command line.