Skip to main content

Session Timeouts

Immersive
Updated

To enhance platform security and provide organizations with greater control over user access, we offer configurable Session Idle Timeouts and a Maximum Session Timeout. 

 

Contents

 

How Sessions Work

When you log in to the platform, a session cookie is created in your browser. This cookie acts as your "digital ID card," allowing the platform to recognize you as you move between pages.

  • Resuming Your Work: Because of these cookies, you can close a browser tab and reopen the platform later to resume your session without needing to log in again—provided your session hasn't timed out.

  • Multi-Tab Support: Your session is shared across all open tabs in the same browser, ensuring a consistent experience.

     

Idle Timeout Configuration

The Idle Timeout setting controls how long a user can remain inactive before the platform automatically signs them out. This is particularly useful for maintaining security on shared devices or in sensitive environments.

  • Default Behavior: By default, the idle timeout is set to 120 minutes for all new and existing customers.
  • Customization: Your organization can now request a customized idle timeout value between 5 minutes and 120 minutes (2 hours).
  • How to Update: Please contact Support to adjust the idle timeout for your organization.

Once configured, any user within your organization who remains inactive for the specified duration will be automatically signed out.

 

Maximum Session Timeout

In addition to idle settings, the platform now enforces a Maximum Session Timeout of 8 hours. This is a hard limit that applies to all sessions, regardless of the user’s activity.

Session Warnings

To prevent unexpected interruptions to your work, the platform provides clear warnings before the 8-hour limit is reached:

  • 1 Hour Warning: A notification appears 60 minutes before your session expires.
  • 1 Minute Warning: A final alert appears 60 seconds before you are signed out.

Your Options

When a warning appears, you have two choices:

  1. Sign In Again: Selecting this option allows you to re-authenticate immediately to refresh your session and continue working.
  2. Dismiss: You can close the warning and continue your current session. However, once the 8-hour limit is reached, you will be immediately signed out and must sign in again to regain access.

Optional: Session Expiry on Browser Close

For organizations where device sharing is common or security requirements are high, we offer an optional configuration: "Expire session on browser close."

When enabled, the platform instructs the browser to remove the session cookie as soon as the browser application is shut down. This should prevent the next person using the device from accessing your account.

Browser Behavior Variations

The way a browser "closes" can vary depending on your operating system and settings. During our testing, we observed the following:

Browser Behaviour when “Expire on Close” enabled
Google Chrome Clears session data immediately when the browser application is closed. 
Safari (macOS) Requires a full “Quit” (Cmd + Q) to clear the session cookie. Clicking the red “close”  button on the window keeps the application and session active in the background.
Firefox May require specific settings to be disabled, such as “Open previous windows and tabs” to ensure the session cookie is successfully cleared upon Browser exit. 


 

See FAQs for more information...

Related to

Related articles

Comments

0 comments

Article is closed for comments.