Session Management
Security Requirements and Controls
Change sessions
permission
LogScale uses cookies as a secure mechanism to establish a session between the LogScale web frontend and backend API. The only information that's stored in a LogScale session cookie is a session identifier.
Sessions control the security of an individual session for a user:
By limiting the duration of a session timeout; i.e. the period before login is required.
Enforcing a maximum duration that a user can be logged in
Sessions can also be managed, both by the user and by administrators, removing access for a user that may already be logged in.
Setting Session Parameters
As the organization owner, you can access Session settings, where you can configure inactivity timeout and re-login requirements.
Figure 40. Session Settings
Setting an Inactivity Timeout
Inactivity timeout defines the maximum period of time that users can be inactive for.
Activity can be
Mouse movement
Refreshing a page
Opening a new LogScale window/tab
Sixty (60) seconds before the session expires, users will be provided with a warning, and have the option to extend their session. They may also choose to terminate their session immediately.
Figure 41. Inactivity Timeout
Setting a Maximum Login Duration
Require log in defines the maximum duration for a session before the user is required to log in again.
The user will get a warning fifteen (15) minutes before the user is required to log in again; they will have the option to terminate their session immediately.
Figure 42. Require Log In
Managing Active Sessions
Security Requirements and Controls
Change sessions
permission
You can get an overview of sessions on an account and organizational level.
Self-Managing Sessions
As a user, you can get an overview of all your active sessions by
going to the Sessions
page:
You can end an individual session, or all sessions at once.
Ending all user sessions will also end the current session, which will log you out immediately.
Managing Sessions within an Organization
As the organization owner, you can access Active
sessions
and get an overview of all current active
sessions of the users in the organization.
From this interface, you can:
Find and filter the sessions by user id.
Terminate individual sessions or end all sessions for all users within the organization.
Ending all organization sessions will also end your current session, which will force you to be logged out immediately.
Figure 43. Managing Sessions in an Organization