Session Management

Security Requirements and Controls

LogScale uses cookies as a secure mechanism to establish a session between the LogScale web frontend and backend API. The only information that's stored in a LogScale session cookie is a session identifier.

Sessions control the security of an individual session for a user:

  • By limiting the duration of a session timeout; i.e. the period before login is required.

  • Enforcing a maximum duration that a user can be logged in

Sessions can also be managed, both by the user and by administrators, removing access for a user that may already be logged in.

Setting Session Parameters

As the organization owner, you can access Session settings, where you can configure inactivity timeout and re-login requirements.

Session Settings

Figure 40. Session Settings

Setting an Inactivity Timeout

Inactivity timeout defines the maximum period of time that users can be inactive for.

Activity can be

  • Mouse movement

  • Refreshing a page

  • Opening a new LogScale window/tab

Sixty (60) seconds before the session expires, users will be provided with a warning, and have the option to extend their session. They may also choose to terminate their session immediately.

Inactivity Timeout

Figure 41. Inactivity Timeout

Setting a Maximum Login Duration

Require log in defines the maximum duration for a session before the user is required to log in again.

The user will get a warning fifteen (15) minutes before the user is required to log in again; they will have the option to terminate their session immediately.

Require Log In

Figure 42. Require Log In

Managing Active Sessions

You can get an overview of sessions on an account and organizational level.

Self-Managing Sessions

As a user, you can get an overview of all your active sessions by going to the Sessions page:

  • You can end an individual session, or all sessions at once.

  • Ending all user sessions will also end the current session, which will log you out immediately.

Managing Sessions within an Organization

As the organization owner, you can access Active sessions and get an overview of all current active sessions of the users in the organization.

From this interface, you can:

  • Find and filter the sessions by user id.

  • Terminate individual sessions or end all sessions for all users within the organization.

    Ending all organization sessions will also end your current session, which will force you to be logged out immediately.

Managing Sessions in an Organization

Figure 43. Managing Sessions in an Organization