{"id":2556,"date":"2025-07-02T12:43:52","date_gmt":"2025-07-02T12:43:52","guid":{"rendered":"https:\/\/zecurit.com\/help\/docs\/asset-manager\/settings\/security-compliance\/session-settings\/"},"modified":"2025-07-04T06:03:50","modified_gmt":"2025-07-04T06:03:50","slug":"session-settings","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/settings\/security-compliance\/session-settings\/","title":{"rendered":"Session Settings"},"content":{"rendered":"\n<p>Zecurit provides robust <strong>session control settings<\/strong> to help you protect access to your environment by managing session behavior across your organization.<\/p>\n\n\n\n<p>Only the <strong>Super Admin<\/strong> has permission to configure these settings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What you can configure<\/h3>\n\n\n\n<p>Under <strong>Settings \u2192 Security \u2192 Session Settings<\/strong>, you can customize the following:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Session Expiry Period<\/strong><\/h3>\n\n\n\n<p>Sets the maximum duration a user can stay signed in without requiring re-authentication.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Default Setting: 15 days<\/strong><\/li>\n\n\n\n<li><strong>Effect:<\/strong> After the selected number of days, users will be logged out and prompted to log in again\u2014<strong>regardless of activity<\/strong>.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Use this setting to enforce periodic logins for additional security.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Session Idle Timeout<\/strong><\/h3>\n\n\n\n<p>Defines the amount of <strong>inactivity time<\/strong> after which a user will be <strong>automatically logged out<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Default Setting: 6 hours<\/strong><\/li>\n\n\n\n<li><strong>Effect:<\/strong> If a user remains idle (no actions or clicks) for this duration, the session is terminated and they will need to log in again.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>This helps prevent unauthorized access on unattended machines.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Concurrent Sessions Limit<\/strong><\/h3>\n\n\n\n<p>Controls how many <strong>active sessions<\/strong> a user can have at the same time (e.g., on different browsers or devices).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Default Setting:<\/strong> 3<\/li>\n\n\n\n<li><strong>Effect:<\/strong> If a user tries to log in beyond the allowed limit, older sessions will be invalidated or blocked depending on system behavior.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Limits the risk of account misuse or session sprawl.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Important Notes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>These settings apply <strong>organization-wide<\/strong> and affect <strong>all users and technicians<\/strong>.<\/li>\n\n\n\n<li>Only the <strong>Super Admin<\/strong> can <strong>view and change<\/strong> session settings.<\/li>\n\n\n\n<li>Users will see a warning or be auto-logged out based on these policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Best Practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Combine session timeout controls with <strong>IP Restrictions<\/strong> and <strong>Two-Factor Authentication<\/strong> for enhanced access protection.<\/li>\n\n\n\n<li>Set <strong>shorter idle timeouts<\/strong> in high-security environments (e.g., shared workstations or public access areas).<\/li>\n\n\n\n<li>Regularly review session behavior from the <strong>Activity Log<\/strong> to audit usage patterns.<\/li>\n<\/ul>\n","protected":false},"featured_media":0,"parent":2553,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2556","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2556"}],"version-history":[{"count":2,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2556\/revisions"}],"predecessor-version":[{"id":2620,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2556\/revisions\/2620"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2553"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2556"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}