For security purposes, users will be automatically logged out of the application after 20 minutes of inactivity.
A notice will appear at the top of the screen 30 seconds prior to the auto logout time to notify the user that the session is about to expire.
Configuring the Automatic Logout Timer Globally
You can control when an inactive user session expires. The default session timeout is 20 minutes of inactivity, but you can change this following the next steps:
- Open the ‘@app/config/params.php’ file
- Add or Replace the following lines:
// Session Timeout 'App.User.SessionTimeout.value' => 1200000, // Milliseconds. 0 (Disabled) or 1200000 (20 minutes) 'App.User.SessionTimeout.warning' => 30000, // Milliseconds. 0 (Disabled) or 30000 (30 seconds)
- Save the file
Now you can edit those line. For example:
- Change the value of ‘App.User.SessionTimeout.value‘ to 0 to disable or 7200000 (2 hours).
- Change the value of ‘App.User.SessionTimeout.warning‘ to 0 to disable or 60000 (1 minute).
Then, the system prompts inactive users 1 minute before timeout (2 hours), as specified by the Timeout value.
Configuring the Automatic Logout Timer for your user account
To configure the Timeout value for your user account, just follow these steps:
- Click on your username in the navigation menu.
- Click “Manage Account”
- Click “Preferences”
- In “Session Settings”, select a “Timeout value” between 15 minutes and 24 hours
- Click Save
Choose a shorter timeout period if your account has sensitive information and you want to enforce stricter security.