Session Management

Security Requirements and Controls

Change sessions permission

LogScale uses cookies as a secure mechanism to establish a session between the LogScale web frontend and backend API. The only information that's stored in a LogScale session cookie is a session identifier.

Sessions control the security of an individual session for a user:

By limiting the duration of a session timeout; i.e. the period before login is required.
Enforcing a maximum duration that a user can be logged in

Sessions can also be managed, both by the user and by administrators, removing access for a user that may already be logged in.

Setting Session Parameters

As the organization owner, you can access Session settings, where you can configure inactivity timeout and re-login requirements.

Screenshot of the LogScale Session Settings administrative interface accessible to organization owners. The panel displays configuration options for controlling user session security parameters across the organization. The interface shows two primary security controls: the Inactivity Timeout setting, which allows administrators to specify how long users can remain inactive before being automatically logged out (with toggles for enabling/disabling and duration settings); and the Maximum Login Duration setting, which enforces periodic re-authentication by specifying how long users can stay logged in before being required to sign in again regardless of activity. The panel includes dropdown menus for configuring the time values in minutes/hours/days and toggle switches for enabling each security feature.

Figure 34. Session Settings

Setting an Inactivity Timeout

Inactivity timeout defines the maximum period of time that users can be inactive for.

Activity can be

Mouse movement
Refreshing a page
Opening a new LogScale window/tab

Sixty (60) seconds before the session expires, users will be provided with a warning, and have the option to extend their session. They may also choose to terminate their session immediately.

Screenshot of the session inactivity warning dialog that appears 60 seconds before a user's session expires due to inactivity. The dialog alerts users that their session is about to time out and presents two action buttons: one to extend the current session by continuing to use LogScale, and another to log out immediately. This warning gives users the opportunity to maintain their session if they're still actively using the application or safely terminate it if they're finished working.

Figure 35. Inactivity Timeout

Setting a Maximum Login Duration

Require log in defines the maximum duration for a session before the user is required to log in again.

The user will get a warning fifteen (15) minutes before the user is required to log in again; they will have the option to terminate their session immediately.

Screenshot of the LogScale session expiration warning dialog that appears fifteen minutes before a user must re-authenticate due to maximum login duration policy. The dialog alerts users that their current session will expire soon based on organizational security settings that limit the maximum duration a user can remain logged in. The warning provides information about the remaining time before forced logout and presents options for users to either continue working with their current session until expiration or log out immediately. This security feature enforces periodic re-authentication regardless of activity level, complementing the separate inactivity timeout feature by ensuring users verify their identity at regular intervals even during active use of the platform.

Figure 36. Require Log In

Managing Active Sessions

Security Requirements and Controls

Change sessions permission

You can get an overview of sessions on an account and organizational level.

Self-Managing Sessions

As a user, you can get an overview of all your active sessions by going to the Sessions page:

You can end an individual session, or all sessions at once.
Ending all user sessions will also end the current session, which will log you out immediately.

Managing Sessions within an Organization

As the organization owner, you can access Active sessions and get an overview of all current active sessions of the users in the organization.

From this interface, you can:

Find and filter the sessions by user id.
Terminate individual sessions or end all sessions for all users within the organization.
Ending all organization sessions will also end your current session, which will force you to be logged out immediately.

A screenshot of the Active Sessions interface showing active user sessions in an organization. The interface displays a table with columns for User ID, Sign-in Time, and Browser Information. Each row represents a user session with options to terminate individual sessions. At the top of the interface is a search field to filter sessions by user ID, and a button to end all organization sessions.

Figure 37. Managing Sessions in an Organization

Self-Hosted Overview

Instance Administration

Organization Essentials

Configuring Security

Authentication & Identity Providers

Users & permissions

Cluster Management

Health Checks

Ingesting Data

Configuration Settings

Configuration Variables

LogScale URLs & Endpoints

Limits & Standards

Deployment Overview

Planning Your Deployment

Provisioning

Installing Using Containers

Installing On Bare Metal or Cloud Instance

Reference Architectures

LogScale Kubernetes Reference Architecture

Installing Load Balancers

Deploying Auxiliary Services

Humio Operator

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts