Session and cookie security
Cookie lifetime is limited according to the information security policy of your organization
Y360-2
You can select the time interval before employees need to log in again. By default, session cookie lifetime is unlimited. Set this value to comply with your organization's information security policy. You can do this with an API request. For more information on how to change session cookie lifetime, see this article.
To check the current session cookie lifetime, use the DomainSessionsService_Get request. The authTTL parameter in the response body gives the session expiration time in seconds. If authTTL equals 0, the lifetime is unlimited.
Guides and solutions to use:
Set the cookie lifetime parameter to no more than 7 days (604,800 seconds). This reduces the risk from potentially compromised sessions and unauthorized access.
To update the session cookie lifetime, use the DomainSessionsService_Update request.
Response example:
{
    "authTTL": 604800
}
Where authTTL is time in seconds (in this example, set to 7 days).
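The check described above, written as an added example that is not part of the original guide or of the Yandex 360 API: it classifies a DomainSessionsService_Get response body against the 7-day ceiling and treats authTTL = 0 as a failure rather than as a small number. The function name, the sample bodies and the acceptance of a string-encoded number are assumptions.

```python
import json

MAX_AUTH_TTL = 604_800  # 7 days in seconds, the ceiling this page recommends


def audit_auth_ttl(response_body: str, max_ttl: int = MAX_AUTH_TTL) -> tuple[str, str]:
    """Classify a DomainSessionsService_Get response body (hypothetical helper).

    Returns (status, detail); status is "PASS", "FAIL" or "ERROR".
    """
    try:
        body = json.loads(response_body)
    except json.JSONDecodeError as exc:
        return "ERROR", f"response is not valid JSON: {exc.msg}"
    if not isinstance(body, dict) or "authTTL" not in body:
        return "ERROR", "authTTL is missing from the response body"
    ttl = body["authTTL"]
    # Assumption: the API may serialize the number as a string; accept ASCII digits only.
    if isinstance(ttl, str) and ttl.isascii() and ttl.isdigit():
        ttl = int(ttl)
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl < 0:
        return "ERROR", f"authTTL is not a non-negative integer: {ttl!r}"
    # 0 means "unlimited", so it must be tested before the ceiling comparison:
    # a plain `ttl <= max_ttl` would report the weakest setting as compliant.
    if ttl == 0:
        return "FAIL", "session cookie lifetime is unlimited (authTTL = 0)"
    if ttl > max_ttl:
        return "FAIL", f"authTTL {ttl}s exceeds the {max_ttl}s ceiling"
    return "PASS", f"authTTL {ttl}s ({ttl / 86400:.1f} days) is within the ceiling"


# Constructed sample response bodies, not captured from a real organization.
SAMPLES = {
    "default": '{"authTTL": 0}',
    "seven-days": '{"authTTL": 604800}',
    "thirty-days": '{"authTTL": 2592000}',
    "malformed": '{"ttl": 604800}',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        status, detail = audit_auth_ttl(raw)
        print(f"{name:12} {status:5} {detail}")
```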