From 378c23968779cd6b33802759c38e545d7a18025b Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Fri, 14 Aug 2020 11:03:13 +0200 Subject: [PATCH] Review#6: incorporate docs review suggestions. --- docs/user/security/session-management.asciidoc | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/user/security/session-management.asciidoc b/docs/user/security/session-management.asciidoc index 29fb7a704e06f1..7c6f27ae3fd7ef 100644 --- a/docs/user/security/session-management.asciidoc +++ b/docs/user/security/session-management.asciidoc 
@@ -2,21 +2,19 @@ [[xpack-security-session-management]] === Session management -When you log in to {kib} it creates a session that is used to authenticate any subsequent request to {kib} made on your behalf. {kib} encrypts any sensitive session information and stores it in a dedicated hidden {es} index. By default, the name of that index is `.kibana_security_session_1` where the prefix depends on the name of the main `.kibana` index. +When you log in to {kib} it creates a session that is used to authenticate subsequent requests to {kib}. A session consists of two components: an encrypted cookie that is stored in your browser, and an encrypted document in a dedicated {es} hidden index. By default, the name of that index is `.kibana_security_session_1` where the prefix is derived from {kib}'s primary `.kibana` index. -Additionally, for every new session {kib} creates an encrypted client side cookie that is stored in your browser and sent to {kib} with every request. This way {kib} can associate request with the session information stored in the session index. - -When your session expires, or you log out of {kib} explicitly it will invalidate your cookie and remove session information from the index. In addition to that {kib} performs a regular session index cleanup to remove any expired sessions that weren't invalidated explicitly. +When your session expires, or you log out of {kib} explicitly it will invalidate your cookie and remove session information from the index. {kib} also periodically invalidates and removes any expired sessions that weren't invalidated explicitly. [[session-idle-timeout]] ==== Session idle timeout -You can configure timeout to expire idle sessions. By default, a session stays +You can optionally expire sessions after a period of inactivity. By default, a session stays active until the browser is closed. To define a sliding session expiration, set the `xpack.security.session.idleTimeout` property in the `kibana.yml` configuration file. 
The idle timeout is formatted as a duration of `[ms|s|m|h|d|w|M|Y]` (e.g. '70ms', '5s', '3d', '1Y'). For example, set -the idle timeout to expire idle sessions after 10 minutes: +the idle timeout to expire idle sessions after 10 minutes of inactivity: -- [source,yaml]
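Review bot: The rewritten opening paragraph of the Session management section no longer explains how the two session components relate. The removed paragraph said the cookie is "sent to {kib} with every request" so that {kib} can associate the request with the session information in the index, and the new "A session consists of two components" sentence drops that link. Suggest adding one sentence after it that says the cookie is sent with every request and is what ties the request to the session document in the index. In the same hunk, the sentence "When your session expires, or you log out of {kib} explicitly it will invalidate your cookie" needs a comma after "explicitly", and "it" would read more clearly as "{kib}", since the nearest antecedent is the session. The phrase "a dedicated {es} hidden index" also reverses the earlier word order "dedicated hidden {es} index"; pick whichever form the rest of the docs use.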