SonarQube Community Build | Instance administration | Security | User sessions

User sessions

A user’s session will automatically end after a period of inactivity. This feature is called inactive session timeout. This is a security measure to prevent unauthorized access to sensitive data if a user leaves their computer unattended. SonarQube will log the user out after the timeout period. By default, the inactive session timeout is 3 days. You can change it.

With SonarQube Server, an active session timeout is also supported. For more information, see SonarQube Community Build feature support.

To configure the inactive session timeout, set the following sonar property in <sonarqubeHome>/conf/sonar.properties. You can use the environment variable instead.

Property: sonar property environment variable	Description
sonar.web.sessionTimeoutInMinutes SONAR_WEB_SESSIONTIMEOUTINMINUTES	Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out. Default value: `4320` (3 days) Minimum value: `6` Maximum value: `129 600` (90 days)

Property:

sonar property
environment variable

Description

sonar.web.sessionTimeoutInMinutes
SONAR_WEB_SESSIONTIMEOUTINMINUTES

Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out.

Default value: 4320 (3 days)

Minimum value: 6

Maximum value: 129 600 (90 days)

Was this page helpful?