User sessions
A user’s session will automatically end after a period of inactivity. This feature is called inactive session timeout. This is a security measure to prevent unauthorized access to sensitive data if a user leaves their computer unattended. SonarQube will log the user out after the timeout period. By default, the inactive session timeout is 3 days. You can change it.
The active session timeout is supported starting in Enterprise Edition. An active session timeout means a user’s session will automatically end after a period of time, regardless of activity. SonarQube will log the user out after the timeout period even if the user is actively using the system. By default, the active session timeout is 90 days. You can change it.
To configure the user session timeouts, set the following sonar properties in <sonarqubeHome>/conf/sonar.properties. If applicable, you can use the environment variable instead.
System property:
| Description |
|---|---|
| Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out. Default value: Minimum value: Maximum value: |
| This property is supported starting in Enterprise Edition. Active session timeout (in minutes). The maximum time a user can remain logged in, regardless of activity. After this time, the session ends automatically even if the user is actively using the system. Default value: Minimum value: Maximum value: |
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
