Blog

How to customize session timeouts

by on April 1, 2015

Once a user of a Backendless-powered app logs in, a session is established. For a variety of reasons, including application security, it is best not to allow users to remain logged in indefinitely. Therefore, every session has an inactivity timeout timer that is reset with every new API call made within the session. When the timer expires, the user is automatically logged out.

The default timeout value is 3600 seconds (1 hour). This means Backendless will keep a session alive for 1 hour after the most recent API request. You can configure the inactivity timeout value in Backendless Console:

The Enable Session Timeout configuration is located under Users > Login. The default setting if the configuration property is OFF. In that case, the inactivity timeout is set to 3600 as described above. To change the setting, enter a timeout value in the inactivity timeout textbox and click the toggle to set it to the ON state. The maximum allowed value is 30 days, which is 2592000 seconds.