Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 38 additions & 2 deletions docs/administration/configuration/config-file-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -235,9 +235,45 @@ used. Specified from [jaas-loginmodule.conf](#jaas-loginmodule-conf).

## Session timeout

See [rundeck-config.properties > Server Settings](#server-settings)
Session timeout controls how long user sessions remain active. Rundeck provides two methods to configure session timeout:

Or set `server.servlet.session.timeout` via [System Properties Configuration](/administration/configuration/system-properties.md).
### Servlet Session Timeout

**Session Timeout Behavior:**

- **Activity-based timeout**: Under normal opertations sessions timeout based on inactivity using the configured `maxMinutes` value
- **Forced re-authentication**: When `forceReauthentication` is enabled, sessions expire after the specified duration regardless of user activity.
- **Default values**: When no configuration is provided, sessions timeout after 60 minutes
- **Invalid configuration**: When the configuration value is invalid, the system falls back to the 60-minute default

> Beware that using the forced re-authentication feature may result in data loss if jobs are not saved when the session is invalidated.

### Inactivity Timeout

To configure the inactivity timeout use `server.servlet.session.timeout`. The default is 60 minutes.

### Forced re-authentication (Commercial Products Only)

It is also possible to force re-authentication regarless of activity levels.

- `rundeck.userSessionDuration.maxMinutes`: Maximum duration in minutes for user sessions. Default: `60` minutes.
- `rundeck.userSessionDuration.forceReauthentication`: `true/false`. Default: `false`. When set to `true`, enforces session timeout regardless of user activity.

All of these can be set via [System Properties Configuration](/administration/configuration/system-properties.md) or in `rundeck-config.properties`

**Example configurations:**

```properties
# Standard activity-based timeout (2 hours)
rundeck.userSessionDuration.maxMinutes=120

# Force reauthentication after 8 hours regardless of activity
rundeck.userSessionDuration.maxMinutes=480
rundeck.userSessionDuration.forceReauthentication=true

# Force reauthentication with default 60-minute timeout
rundeck.userSessionDuration.forceReauthentication=true
```

## rundeck-config.properties

Expand Down