Configure Interactive Session Expiration
(For On-Premises installations): When you want inactive sessions to deactivate after a time-out period, you need to set four interlinked configuration parameters with the installer. Two of these parameters handle the session expiration in the backend and two of them control the frontend tracker that handles the session expiration when the user’s browser is idle. To achieve session expiration for a specific period of time (for example, 30 minutes), these parameters should be aligned to the same value.
The parameters, with sample settings, are:
sysdig
inactivitySettings:
trackerEnabled: true
trackerTimeout: 1800
api:
jvmOptions: -Ddraios.security.rememberMe.tokenValiditySeconds=1800 -Ddraios.security.session.timeoutMinutes=30
sysdig.inactivitySettings.trackerEnabled
| Must be set to enable frontend activity tracker in general, boolean | false by default
|
sysdig.inactivitySettings.trackerTimeout
| Timeout in seconds before the inactive interactive session expires, valid only if sysdig.inactivitySettings.trackerEnabled is set to true
| 1800 seconds by default |
draios.security.rememberMe.tokenValiditySeconds
| Must match the trackerTimeout value | 1800 if trackerTimeout default is used |
draios.security.session.timeoutMinutes
| Convert validitySeconds to minutes | 30 if trackerTimeout default is used |
The jvmOptions
parameters handle the backend session expiration, while
the sysdig.inactivitySettings.trackerEnabled
and
sysdig.inactivitySettings.trackerTimeout
handle the frontend activity
tracker.
Learn More