How to Set/Engineer a Max Session Age

Must-share information (formatted with Markdown):

  • Community Edition Version 9.4
  • Create a max age for session. Basically make a user re-authenticate after 12 hours, regardless of activity
  • No actual attempts have been made, as we haven’t found any plausible idea. Just doing research right now

Hey there.

You can set sonar.web.sessionTimeoutInMinutes in your conf/sonar.properties file (or via Environment Variables if you’re deploying through Docker).

# The inactivity timeout duration of user sessions, in minutes. After the configured
# period of time, the user is logged out.
# The default value is set to 3 days (4320 minutes).
# It must be set between 6 minutes and 3 months (129600 minutes).
# Value must be strictly positive.
#sonar.web.sessionTimeoutInMinutes=4320

Hello Colin, thank you for the response.
We’re aware of the inactivity session setting. However, we need to set another one where the user is logged out regardless of being active or not, within the last 12 hours.
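
The distinction this thread turns on, shown as an added example (not SonarQube code and not written by either poster): a minimal model of an inactivity timeout next to an absolute maximum session age. Only `idle_timeout_min` corresponds to the setting quoted above; `max_age_min`, the `Session` class and the activity lists are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass
class Session:
    # Models the inactivity timeout (sonar.web.sessionTimeoutInMinutes in the thread).
    idle_timeout_min: int
    # Hypothetical absolute cap on session age; not a setting shown in the thread.
    max_age_min: Optional[int] = None
    created_at: int = 0   # minute the user authenticated
    last_seen: int = 0    # minute of the last accepted request

    def expiry_reason(self, now: int) -> Optional[str]:
        """Return why the session is invalid at minute `now`, or None if valid."""
        if self.max_age_min is not None and now - self.created_at >= self.max_age_min:
            return "max-age"   # measured from login, activity never extends it
        if now - self.last_seen >= self.idle_timeout_min:
            return "idle"      # measured from the last request
        return None

    def request(self, now: int) -> Optional[str]:
        reason = self.expiry_reason(now)
        if reason is None:
            self.last_seen = now  # activity slides only the idle window
        return reason


def first_logout(session: Session, times: Iterable[int]) -> Optional[Tuple[int, str]]:
    """Return (minute, reason) of the first rejected request, or None."""
    for t in times:
        reason = session.request(t)
        if reason:
            return t, reason
    return None


# Constructed activity: one request every 30 minutes for 24 hours.
ACTIVE_USER = list(range(30, 24 * 60 + 1, 30))
# Constructed activity: two requests, then a return after a 14-hour gap.
IDLE_USER = [30, 60, 900]

if __name__ == "__main__":
    print("idle-only, active user:", first_logout(Session(720), ACTIVE_USER))
    print("idle + max age, active user:", first_logout(Session(720, 720), ACTIVE_USER))
    print("idle-only, idle user:", first_logout(Session(720), IDLE_USER))
```

With a 720-minute inactivity timeout alone, the continuously active user is never forced to re-authenticate; only the absolute cap ends that session at the 12-hour mark.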