Start FileCloud FREE Trial
Log in

User Session Expiration

Default Behavior

By default, when a user logs into FileCloud, their session remains authenticated for a specified amount of time.

DeviceTime Session is Valid
Web Browser

Specified by the value in Session Timeout in minutes setting. If the browser is closed, the session expires.

All other apps and clientsDoesn't expire. Session lasts until user logs out from app.


Enabling Session Expiration for all Devices


In FileCloud version 19.3 and earlier session timeout was measured in days; in FileCloud version 20.1 and later, it is measured in minutes. 


If you want all login sessions for all user devices (including web browsers) to expire and require re-login, set the policy to Enforce Session Timeout for All Devices.  

  1. Go to Settings > Policies.
  2. Open the policy for edit.
  3. Click the User Policy tab.
  4. Scroll down to the setting Enforce Session Timeout for All Devices and set it to Yes.
  5. Click Save.

Note: We don't recommend requiring session expiration for devices and other clients as it might impact functionality and reduce user friendliness.

DeviceTime Session is Valid
Web Browser

Specified by the value in Session Timeout in minutes setting. If the browser is closed, the session expires.

All other apps and clientsSpecified by the value in Session Timeout in minutes setting.
Note: When log in used username and password, app will automatically re-login, so the session will not appear to expire.
When log in used Device Authorization code, app will require user to re-login into FileCloud using the web browser.

Disabling Session Expiry when Browser is closed

Starting with 15.0, session expiry time is valid till timeout setting expires or if browser is closed. If the user re-opens the browser, they will need to re-login. If session should still be valid even when browser is closed, please set a config parameter to extend the browser timeout setting. For correct behaviour, please set this value to be significantly larger than the session timeout value. ie if the session timeout is 30 days, then set this configuration to be 90 days.


define("TONIDOCLOUD_BROWSER_COOKIE_TIMEOUT", 86400); // time in seconds that browser remains logged in irrespective of whether browser is closed