Start FileCloud FREE Trial
Log in

User Session Expiration

Default Behavior

By default, when a user logs into FileCloud, their session remains authenticated for a specified amount of time.

DeviceTime Session is Valid
Web Browser

Specified by the value in Session Timeout in minutes setting. If the browser is closed, the session expires.

All other apps and clientsDoesn't expire. Session lasts until user logs out from app.

 

Enabling Session Expiration for all Devices

In FileCloud version 19.3 and earlier session timeout was measured in days; in FileCloud version 20.1 and later, it is measured in minutes. 


If you want all login sessions for all user devices (including web browsers) to expire and require re-login, set the policy to Enforce Session Timeout for All Devices.  

  1. Go to Settings > Policies.
  2. Open the policy for edit.
  3. Click the User Policy tab.
  4. In order to enable the Enforce Session Timeout for Devices setting, scroll down to the setting Enable code based device authentication and set it to YES.
    Now Enforce Session Timeout for Devices is enabled.
  5. Set Enforce Session Timeout for All Devices to YES.
  6. Click Save.

Note: We don't recommend requiring session expiration for devices and other clients as it might impact functionality and reduce user friendliness.

DeviceTime Session is Valid
Web Browser

Specified by the value in Session Timeout in minutes setting. If the browser is closed, the session expires.

All other apps and clientsSpecified by the value in Session Timeout in minutes setting.
Note: When log in used username and password, app will automatically re-login, so the session will not appear to expire.
When log in used Device Authorization code, app will require user to re-login into FileCloud using the web browser.

Disabling Session Expiry when Browser is closed

Session expiry time is valid until timeout setting expires or the browser is closed. If the browser is reopened, the user must log in again.

If session should be valid even when the browser is closed, set the following config parameter to extend the browser timeout setting. For correct behavior, set this value to be significantly larger than the session timeout value, for example, if the session timeout is 30 days, then set this configuration to 90 days.

define("TONIDOCLOUD_BROWSER_COOKIE_TIMEOUT", 86400); // time in seconds that browser remains logged in irrespective of whether browser is closed