Why do admin sessions not time out after the idle-timeout setting?
Created On 11/27/19 02:18 AM - Last Modified 02/20/23 08:41 AM
Question
Why do idle admin sessions not time out, and why can they still be seen on the Dashboard, even after exceeding the "Idle Timeout" period set under Device>Setup>Authentication Settings?
In the snapshot below, the device still shows idle admin sessions that have been idle for several days (red rectangle).
There is a huge difference between the current time (orange rectangle) and the admin sessions' start time.
Similar information for the current idle time can be seen using the CLI command below:
> show admins
Environment
Long-idle admin sessions can occur if the Dashboard, ACC, Alarms or logs under Device>Monitor are set with refresh timers shorter than the Idle Timeout:
Dashboard:
ACC:
Monitor:
Alarms (Web GUI bottom-right corner):
Answer
- Refreshing web interface pages such as the Dashboard, ACC, Alarms and logs under Device>Monitor resets the Idle Timeout counter.
- To enable the firewall to enforce the timeout when you are on a page that supports automatic refreshing, set the refresh interval to Manual or to a value higher than the Idle Timeout.
- Auto refresh on the ACC tab can also be left unchecked.
Dashboard:
ACC:
Monitor:
Alarms (default value is "Refresh every 15 seconds"):
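The behaviour described in this answer can be checked with a small model. This is an added example, not part of the original article and not vendor code. The 10-minute Idle Timeout and all refresh values other than the 15-second Alarms default are constructed, and the model assumes the session ends as soon as idle time reaches the timeout.

```python
# Added illustration: toy model of an idle timer that page auto-refresh keeps resetting.
# Assumptions (not from the article): the session is ended the moment idle time
# reaches the timeout, and a refresh landing at that same instant wins (flagged as risky).

MANUAL = None  # refresh set to "Manual": the page never refreshes on its own


def logout_time(idle_timeout_s, refresh_s, horizon_s):
    """Second at which an unattended session is timed out, or None if it is
    still alive at horizon_s. The admin's last real action is at t=0 and
    every automatic page refresh counts as activity."""
    if refresh_s is not MANUAL and refresh_s <= 0:
        raise ValueError("refresh interval must be positive or MANUAL")
    last_activity = 0
    next_refresh = refresh_s
    while True:
        expiry = last_activity + idle_timeout_s
        if next_refresh is MANUAL or expiry < next_refresh:
            # The idle timer runs out before the next refresh fires.
            return expiry if expiry <= horizon_s else None
        if next_refresh > horizon_s:
            return None  # still being kept alive when observation ends
        last_activity = next_refresh  # the refresh resets the idle counter
        next_refresh += refresh_s


def pages_defeating_timeout(idle_timeout_s, page_refresh_s, days=3):
    """Names of pages whose refresh setting keeps an unattended session alive."""
    horizon = days * 24 * 3600
    return sorted(page for page, refresh in page_refresh_s.items()
                  if logout_time(idle_timeout_s, refresh, horizon) is None)


# Constructed sample settings (seconds); only the Alarms default comes from the article.
SAMPLE_IDLE_TIMEOUT = 10 * 60
SAMPLE_PAGES = {"Dashboard": 60, "ACC": MANUAL, "Monitor": 900, "Alarms": 15}

if __name__ == "__main__":
    for page, refresh in SAMPLE_PAGES.items():
        t = logout_time(SAMPLE_IDLE_TIMEOUT, refresh, 3 * 24 * 3600)
        print(page, "never times out" if t is None else f"logged out after {t}s")
    print("Fix these:", pages_defeating_timeout(SAMPLE_IDLE_TIMEOUT, SAMPLE_PAGES))
```

With the sample values, the pages refreshing every 60 and 15 seconds hold the session open for the full three days, while the Manual and 900-second settings let the 10-minute timeout fire.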
Additional Information
Using the Logout option in the bottom-left corner of the web interface logs the admin out immediately, so the admin session is not left idle.