Types of Session Lifetime Limits

Session settings apply to the logon pages for the web-based administrative consoles, the command API interface described in the RSA Authentication Manager Developer’s Guide, and the risk-based authentication (RBA) logon attempts by end users. When a session times out or reaches the maximum lifetime, the logon page is redisplayed, and the user must log on again.

You can configure the following settings for sessions:

  • Time-out. The length of time that a session can be inactive before being terminated. The default setting is 30 minutes.

  • Maximum Lifetime. The maximum length of a session. When the console session reaches its maximum lifetime, the session is terminated and the administrator is logged off, regardless of whether the session is active. The default setting is eight hours.

The maximum lifetime is independent of session inactivity. For example, if the console and command API session lifetime is eight hours, an administrator is automatically logged off after eight hours, even if there have been no periods of inactivity during the session.
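
The interaction of the two limits can be modelled as follows. This is an added example, not RSA Authentication Manager code: the function name `session_end`, the constructed timestamps, and the treatment of a request arriving exactly at a limit (counted as too late) are assumptions.

```python
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=30)  # documented default for Time-out
MAX_LIFETIME = timedelta(hours=8)     # documented default for Maximum Lifetime


def session_end(login, activity, idle_timeout=IDLE_TIMEOUT,
                max_lifetime=MAX_LIFETIME):
    """Return (end_time, reason) for a session that starts at `login`.

    `activity` is an iterable of request timestamps. Each request resets
    the inactivity timer only; the lifetime is always counted from logon.
    """
    hard_stop = login + max_lifetime
    last_seen = login
    for ts in sorted(t for t in activity if t >= login):
        if ts >= hard_stop:
            break  # the lifetime limit is reached before this request
        if ts - last_seen >= idle_timeout:
            # The session had already timed out when this request arrived.
            return last_seen + idle_timeout, "time-out"
        last_seen = ts
    idle_stop = last_seen + idle_timeout
    if idle_stop < hard_stop:
        return idle_stop, "time-out"
    return hard_stop, "maximum lifetime"


if __name__ == "__main__":
    login = datetime(2024, 1, 1, 9, 0)  # constructed sample logon time
    # Constructed: an administrator who sends a request every 20 minutes.
    busy = [login + timedelta(minutes=20 * i) for i in range(1, 28)]
    # Constructed: two early requests, then a gap of more than 30 minutes.
    sparse = [login + timedelta(minutes=m) for m in (10, 25, 90)]
    for name, reqs in (("busy", busy), ("sparse", sparse)):
        end, reason = session_end(login, reqs)
        print(f"{name}: ends {end:%H:%M} ({reason})")
```

The continuously active session still ends eight hours after logon, while the sparse one ends 30 minutes after its last request.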

Only a Super Admin can modify the console and command API session settings.