Session Timeout

In the context of:

ESCWA

Whether or not ESCWA requires verification (and is therefore restricted), every client needs a session to perform actions.

ESCWA has a session timeout which can be removed.

Timeouts limit exposure to a variety of session-based attacks and therefore should be implemented.

Directory Servers

Whether or not a Directory Server requires verification (and is therefore restricted), every client needs a session to perform actions.

Directory Servers have a session timeout which can be removed.

Timeouts limit exposure to a variety of session-based attacks and therefore should be implemented.

Configuration options

ESCWA

To ensure ESCWA has a session timeout enabled, use ESCWA to perform the following steps:

  1. Click

    This opens the Enterprise Server Administration Configuration dialog box.

  2. Expand Security Settings.
  3. Set the Session Inactivity Timeout field to the timeout required.
    Note: If this field is set to 0, then there is no timeout.
  4. Click Apply.

Directory Server

To ensure a Directory Server has a session timeout enabled, use ESCWA to perform the following steps:

  1. In the top menu bar, click Native.
  2. In the Native Navigation pane, expand Directory Server.
  3. Click the directory server you require, then click Properties > Configuration.

    This takes you to the Directory Server Configuration page.

  4. Check Timeout API Sessions.

    This ensures that the API session timeout is set to the specified value.

  5. Click Apply.