User sessions

A user’s session will automatically end after a period of inactivity. This is a security measure to prevent unauthorized access to sensitive data.

A user’s session will automatically end after a period of inactivity. This feature is called inactive session timeout. This is a security measure to prevent unauthorized access to sensitive data if a user leaves their computer unattended. SonarQube will log the user out after the timeout period. By default, the inactive session timeout is 3 days. You can change it.

With SonarQube Server, an active session timeout is also supported. For more information, see Feature comparison table.

To configure the inactive session timeout, set the following sonar property in <sonarqubeHome>/conf/sonar.properties. You can use the environment variable instead.

sonar.web.sessionTimeoutInMinutes

SONAR_WEB_SESSIONTIMEOUTINMINUTES

Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out.

Default value: 4320 (3 days)

Minimum value: 6

Maximum value: 129 600 (90 days)

PreviousUser accounts NextTokens

Last updated 4 months ago

Was this helpful?