Forced web session timeouts

The absolute web session timeout is an additional layer of defense against session hijacking. When this setting is enabled, a user session is forcibly timed out after a fixed duration, regardless of whether the session is active or inactive. The duration is usually set to a long period.

To enable this setting, edit ssmc.properties.

Uncomment the following property and assign it a suitable value:

server.absolute.session.timeout=60

The value is specified in minutes and must be in the range of 1 hour to 10 days. Set it to 60 for standards security compliance. Save the changes and exit.

NOTE:

By default, this setting is disabled. The default value when enabled is one hour. After updating this setting, restart the SSMC service (TUI Menu option 2) for the changes to take effect.
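
The following audit check is an added example, not part of the original SSMC documentation. It reads an ssmc.properties file and reports whether the absolute session timeout is enabled and within the 1 hour to 10 day range. The function name, the status words, and the rule that the last assignment wins when the key is repeated are assumptions; the file path is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit server.absolute.session.timeout in an ssmc.properties file.
# Function name and status words are illustrative, not part of SSMC.
check_absolute_timeout() {
    file=$1
    key_re='^[[:space:]]*server\.absolute\.session\.timeout[[:space:]]*='
    min=60       # 1 hour, in minutes
    max=14400    # 10 days, in minutes (10 * 24 * 60)

    [ -r "$file" ] || { echo "UNREADABLE"; return 2; }

    # Only uncommented assignments count; a leading '#' leaves the setting disabled.
    # Assumption: if the key is repeated, the last assignment is the effective one.
    line=$(grep -E "$key_re" "$file" | tail -n 1)
    [ -n "$line" ] || { echo "DISABLED"; return 1; }

    # Strip the key, surrounding whitespace and any CR from Windows line endings.
    value=$(printf '%s\n' "$line" | tr -d '\r' | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')

    # Reject empty or non-numeric values (for example "60m" or "1h").
    case $value in
        ''|*[!0-9]*) echo "INVALID:$value"; return 1 ;;
    esac
    # Length guard keeps oversized numbers out of the integer comparison below.
    if [ "${#value}" -gt 5 ] || [ "$value" -lt "$min" ] || [ "$value" -gt "$max" ]; then
        echo "OUT_OF_RANGE:$value"; return 1
    fi
    # 60 is the value the text above gives for standards security compliance.
    if [ "$value" -eq 60 ]; then echo "COMPLIANT:$value"; else echo "IN_RANGE:$value"; fi
    return 0
}

# Constructed sample input (not a real SSMC configuration file).
sample=$(mktemp)
printf '%s\n' '#server.absolute.session.timeout=60' 'server.absolute.session.timeout = 30' > "$sample"
check_absolute_timeout "$sample" || true
rm -f "$sample"
```

A non-zero return status means the setting is disabled, invalid, or out of range, so the function can gate a configuration audit job directly.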