User Authentication Sessions

User Authentication Sessions define the duration of a user's login and how various factors, such as device changes or inactivity, affect session validity. Sessions are maintained using a cookie-based authentication mechanism, ensuring users remain authenticated across web requests.


Duration Policies

Duration policies define how long a session remains valid before the user is logged out automatically:

  • Short-lived Sessions (e.g., 1 day): Log users out automatically after a set period; ideal for high-security environments.

  • Medium-lived Sessions (e.g., 7 days): Retain sessions for a week, balancing convenience with security.

  • Persistent Sessions: Keep users logged in until they explicitly log out, prioritizing convenience over strict security.

Example: For a banking app, use short-lived sessions (1 day), while for an internal portal, use 7-day sessions.


Session Validity Triggers

Define policies that influence session validity based on context:

  • Geographic Location Changes: Require re-authentication if the user changes locations (e.g., switches countries).

  • Device Changes: Trigger re-authentication when the user switches to a new device.

  • Network Changes: Request re-authentication when switching networks (e.g., Wi-Fi to mobile data).

  • Prolonged Inactivity: Automatically log out after a defined period of inactivity (e.g., 15 minutes).
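As an added illustration (not code from the original page), the following Python check applies a duration policy and the validity triggers above to a server-side session record on each request; the BANKING and INTERNAL_PORTAL policy values, the idle limits, the binding choices and the scenario data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass(frozen=True)
class SessionPolicy:
    max_age: Optional[timedelta]        # absolute lifetime; None means persistent (valid until logout)
    idle_timeout: Optional[timedelta]   # prolonged-inactivity limit; None disables it
    bind_country: bool = True           # geographic-location change forces re-authentication
    bind_device: bool = True            # device change forces re-authentication
    bind_network: bool = False          # network change (e.g. Wi-Fi to mobile data) forces it

# Policies mirroring the page's examples; idle limits and bindings are assumed values.
BANKING = SessionPolicy(timedelta(days=1), timedelta(minutes=15), bind_network=True)
INTERNAL_PORTAL = SessionPolicy(timedelta(days=7), timedelta(hours=8))

@dataclass
class Session:  # server-side record looked up by the opaque value in the session cookie
    issued_at: datetime
    last_seen: datetime
    country: str
    device_id: str
    network: str

def reauth_reasons(s: Session, p: SessionPolicy, now: datetime, country: str, device_id: str, network: str) -> List[str]:
    """Return the triggers that invalidate the session for this request; [] means it is still valid."""
    reasons = []
    if p.max_age is not None and now - s.issued_at > p.max_age:
        reasons.append("expired")
    if p.idle_timeout is not None and now - s.last_seen > p.idle_timeout:
        reasons.append("inactive")
    if p.bind_country and country != s.country:
        reasons.append("location_change")
    if p.bind_device and device_id != s.device_id:
        reasons.append("device_change")
    if p.bind_network and network != s.network:
        reasons.append("network_change")
    if not reasons:
        s.last_seen = now  # activity slides the idle deadline; the absolute lifetime never extends
    return reasons

def demo() -> dict:  # constructed scenario: banking session issued 09:00 from device dev-A in DE over Wi-Fi
    t0 = datetime(2024, 1, 1, 9, 0)
    s = Session(t0, t0, "DE", "dev-A", "wifi")
    return {
        "fresh": reauth_reasons(s, BANKING, t0 + timedelta(minutes=5), "DE", "dev-A", "wifi"),
        "roamed": reauth_reasons(s, BANKING, t0 + timedelta(minutes=10), "FR", "dev-A", "cellular"),
        "idle": reauth_reasons(s, BANKING, t0 + timedelta(minutes=30), "DE", "dev-A", "wifi"),
        "old": reauth_reasons(s, BANKING, t0 + timedelta(hours=25), "DE", "dev-A", "wifi"),
    }
```

Note that only a successful check refreshes last_seen, so the idle window slides with activity while the absolute max_age still forces a fresh login at the end of the day.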
