The Importance of Managing User Session Validity Periods

Published November 7, 2024

Scenario Description

In security-sensitive environments, users often need to conduct sensitive transactions and process sensitive information. A user who leaves the computer without logging out during operations creates a potential security risk. To address this issue, JumpServer supports managing user session validity periods: sessions expire automatically after a certain period of inactivity and the user must log in again, which ensures account security and prevents unauthorized access and operations.

Configuration Description

JumpServer supports setting the expiration time of user sessions by modifying parameter configurations.

Configuration Parameters

Edit the main configuration file of JumpServer to modify the session-related parameters.

root@jumpserver-v4:~# vi /opt/jumpserver/config/config.txt

# SESSION_COOKIE_AGE=86400
# SESSION_EXPIRE_AT_BROWSER_CLOSE=false

Note: Choose one of the two parameters in the table below to configure, based on your actual scenario.

Detailed Parameter Description:

| Parameter | Default Value | Optional Values | Description |
| --- | --- | --- | --- |
| SESSION_COOKIE_AGE | 3600 * 24 (s) | | Validity period of user session cookies |
| SESSION_EXPIRE_AT_BROWSER_CLOSE | false | true, false | User session expires after the browser is closed |

Restart JumpServer

You need to restart the JumpServer service for the configuration to take effect.

jmsctl restart

After the restart, you can run docker ps to check the health status of the components.

Function Verification

After the configuration is complete, you can observe the expiration of user sessions based on actual conditions.
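
To confirm which values are actually in effect before or after the restart, the following added example (not part of the original article or of JumpServer's own tooling) reads the configuration file and reports the effective session settings, treating commented-out lines as "default applies". The function names, the plain KEY=VALUE parsing, and the 3600-second policy maximum are assumptions made for this illustration; the defaults are the ones listed in the table above.

```shell
#!/bin/sh
# Added example: report effective JumpServer session settings from config.txt.

# effective_value FILE KEY DEFAULT
# Prints the last uncommented KEY=VALUE entry in FILE, or DEFAULT when the key
# is absent or appears only as a comment (e.g. "# SESSION_COOKIE_AGE=86400").
effective_value() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
          | tail -n 1 | sed 's/[[:space:]]*$//')
    printf '%s\n' "${val:-$3}"
}

# audit_session FILE MAX_AGE
# Prints the effective values and returns 1 when the cookie lifetime is not an
# integer or exceeds MAX_AGE seconds (MAX_AGE is a local policy value, assumed).
audit_session() {
    age=$(effective_value "$1" SESSION_COOKIE_AGE 86400)
    close=$(effective_value "$1" SESSION_EXPIRE_AT_BROWSER_CLOSE false)
    echo "SESSION_COOKIE_AGE=$age SESSION_EXPIRE_AT_BROWSER_CLOSE=$close"
    case $age in
        ''|*[!0-9]*)
            echo "FAIL: SESSION_COOKIE_AGE is not an integer number of seconds"
            return 1 ;;
    esac
    if [ "$age" -gt "$2" ]; then
        echo "FAIL: session lifetime ${age}s exceeds policy maximum ${2}s"
        return 1
    fi
    echo "OK: session lifetime within policy"
}

# Constructed sample config (not a real deployment file): the cookie age is
# set explicitly, the browser-close parameter is left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SESSION_COOKIE_AGE=86400
SESSION_COOKIE_AGE=1800
# SESSION_EXPIRE_AT_BROWSER_CLOSE=false
EOF
audit_session "$sample" 3600 || true
rm -f "$sample"

# On a JumpServer host, using the path shown in this article:
#   audit_session /opt/jumpserver/config/config.txt 3600
```

A file in which both lines are still commented out, as shown in the article, reports the 86400-second default and fails a 3600-second policy check.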