Session Configuration
Overview
Session Configuration controls how long a user's authenticated session remains valid within the platform. Two independent timeouts govern session length:
Idle Timeout: the session ends after this period of user inactivity.
Absolute Timeout: the maximum total lifetime of a session from the moment the user logs in, regardless of activity.
While a user is actively working, their session is refreshed automatically in the background, so active users are not interrupted. The timeouts below determine when a user is eventually prompted to sign in again.
"Activity" means user-initiated actions such as navigating, searching, or submitting changes. Background requests the platform makes on its own (for example, polling for updates) do not count as activity and will not reset the Idle Timeout.
Modify Session Settings
Changes apply on each user's next request and do not immediately terminate active sessions.
To view or modify the session settings you can log into the platform and navigate to your Organization Settings page.
Next, click the Security tab, and then note the current settings for Idle Timeout and Absolute Timeout within the Session Configuration section.
From here you can click the Edit button to make changes to these settings.
Idle Timeout
The amount of time a session may remain idle before the user is signed out. When a session is close to its idle limit, the user sees a "Stay signed in?" prompt with a countdown and the option to stay signed in or sign out. Configurable in minutes or hours.
Absolute Timeout
The maximum total duration of a session, measured from initial login. When this limit is reached, the user is prompted to sign in again — there is no option to extend, as this is a fixed security cap. Configurable in minutes or hours.
The Absolute Timeout is the hard ceiling on session length. A session can be kept alive by activity up to the Absolute Timeout, but never beyond it.
Last updated