Back to all articles

Best Practice when using Session Timeout

***Pre-release Knowledge Article***

Session Timeout is a delicate dance between ensuring your information remains private and providing a seamless online experience for your end users who will be completing content on the platform.

Below are some best practice tips that you may want to consider before using this function.

1. Enhancing Security

  • Setting a shorter session timeout duration will provide increased security by reducing the window of opportunity for potential unauthorised access. This is especially important if the content added to the platform content contains sensitive business information or personal/special category data.

2. User Convenience

  • On the flip side, longer session timeouts offer greater convenience for your end users, as they won't need to log in as frequently. Striking the right balance is crucial to ensuring a secure environment without compromising user experience. Admins have the option of setting the timeout between 30 minutes and 8 hours

3. Striking the right balance with the 'Privileged User' setting

  • Privileged Users, such as Admins and Business Users, can have access to much more personal data or sensitive business information than end users; therefore, they are at higher risk their session might be accessed by an unauthorised individual.
  • Enabling the 'Privileged Users' setting for Session Timeout will only automatically sign out any users with increased platform permissions, such as Admins and Business Users. This means that your end users will not be impacted by the Session Timeout, providing them with a better user experience when completing content.