github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-28 19:13:14 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/user/security/session-management.asciidoc
Sid ad542d0188
Change default session idle timeout to 3 days. (#162313) 
Closes https://github.com/elastic/kibana/issues/162215

## Summary

This PR changes the default session idle timeout for users to 3 days. 

## Changes Made

- Updated default `session.idleTimeout` to `3d`. 
- Updated tests to expect the new default timeout
- Updated asciidocs to match the above change

## Release notes

Change the default value of `session.idleTimeout` from 8 hours to 3
days.
2023-07-26 14:29:04 +02:00

69 lines
4.7 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[role="xpack"]
[[xpack-security-session-management]]
=== Session management
When you log in, {kib} creates a session that is used to authenticate subsequent requests to {kib}. A session consists of two components: an encrypted cookie that is stored in your browser, and an encrypted document in a dedicated {es} hidden index. By default, the name of that index is `.kibana_security_session_1`, where the prefix is derived from the primary `.kibana` index. If either of these components are missing, the session is no longer valid.
When your session expires, or you log out, {kib} will invalidate your cookie and remove session information from the index. {kib} also periodically invalidates and removes any expired sessions that weren't explicitly invalidated.
To manage user sessions programmatically, {kib} exposes <<session-management-api, session management APIs>>. For details, check out <<security-session-and-cookie-settings, Session and cookie security settings>>.
[[session-idle-timeout]]
==== Session idle timeout
You can use `xpack.security.session.idleTimeout` to expire sessions after a period of inactivity. This and `xpack.security.session.lifespan` are both highly recommended.
By default, sessions expire after 3 days of inactivity. To define another value for a sliding session expiration, set the property in the `kibana.yml` configuration file. The idle timeout is formatted as a duration of `<count>[ms|s|m|h|d|w|M|Y]` (e.g. '20m', '24h', '7d', '1w'). For example, set the idle timeout to expire sessions after 30 minutes of inactivity:
--
[source,yaml]
--------------------------------------------------------------------------------
xpack.security.session.idleTimeout: "3d"
--------------------------------------------------------------------------------
--
[[session-lifespan]]
==== Session lifespan
You can use `xpack.security.session.lifespan` to configure the maximum session duration or "lifespan" -- also known as the "absolute timeout". This and `xpack.security.session.idleTimeout` are both highly recommended. By default, a maximum session lifespan is 30 days. To define another lifespan, set the property in the `kibana.yml` configuration file. The lifespan is formatted as a duration of `<count>[ms|s|m|h|d|w|M|Y]` (e.g. '20m', '24h', '7d', '1w'). For example, set the lifespan to expire sessions after 7 days:
--
[source,yaml]
--------------------------------------------------------------------------------
xpack.security.session.lifespan: "7d"
--------------------------------------------------------------------------------
--
[[session-cleanup-interval]]
==== Session cleanup interval
[IMPORTANT]
============================================================================
If you disable session idle timeout and lifespan, then Kibana will not automatically remove session information from the index unless you explicitly log out. This might lead to an infinitely growing session index. As long as either idle timeout or lifespan is configured, Kibana sessions will be cleaned up even if you don't explicitly log out.
============================================================================
You can configure the interval at which {kib} tries to remove expired and invalid sessions from the session index. By default, this value is 1 hour and cannot be less than 10 seconds. To define another interval, set the `xpack.security.session.cleanupInterval` property in the `kibana.yml` configuration file. The interval is formatted as a duration of `<count>[ms|s|m|h|d|w|M|Y]` (e.g. '20m', '24h', '7d', '1w'). For example, schedule the session index cleanup to perform once a day:
--
[source,yaml]
--------------------------------------------------------------------------------
xpack.security.session.cleanupInterval: "1d"
--------------------------------------------------------------------------------
--
[[session-max-sessions]]
==== Maximum number of concurrent sessions
By default, there is no limit to the maximum number of concurrent sessions each user can have in {kib}.
To add a limit, use the `xpack.security.session.сoncurrentSessions.maxSessions` configuration option.
If set, the value of this option should be an integer between `1` and `1000`.
When the limit is exceeded, the oldest session is automatically invalidated.
NOTE: Due to the rate at which session information is refreshed, there might be a few seconds where the concurrent session limit is not enforced.
This is something to consider for use cases where it is common to create multiple sessions simultaneously.
--
[source,yaml]
--------------------------------------------------------------------------------
xpack.security.session.concurrentSessions:
maxSessions: 3
--------------------------------------------------------------------------------
--
Reference in a new issue View git blame Copy permalink