<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Session timeout not only for user inactivity in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/401130#M71426</link>
    <description>&lt;P&gt;Found the solution (thanks to Support). Sharing it for who is interested:&lt;/P&gt;

&lt;P&gt;Within Splunk all user session timeouts are the result of inactivity, so we effectively only close sessions if they exceed the configured idle time and we provide no mechanism to force sessions to expire/terminate.&lt;/P&gt;

&lt;P&gt;However, while it's not a supported feature we do track session tokens, so you could fashion your own solution to delete specific tokens (authentication/httpauth-tokens):&lt;/P&gt;

&lt;P&gt;&lt;A href="https://docs.splunk.com/Documentation/Splunk/7.2.1/RESTREF/RESTaccess#authentication.2Fhttpauth-tokens.2F.7Bname.7D"&gt;https://docs.splunk.com/Documentation/Splunk/7.2.1/RESTREF/RESTaccess#authentication.2Fhttpauth-tokens.2F.7Bname.7D&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;You could query the endpoint to list out all session tokens, then delete the token, for example:&lt;/P&gt;

&lt;P&gt;curl -k -u admin:changeme &lt;A href="https://localhost:8089/services/authentication/httpauth-tokens"&gt;https://localhost:8089/services/authentication/httpauth-tokens&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;curl -k -u admin:changeme --request DELETE &lt;A href="https://localhost:8089/services/authentication/httpauth-tokens/vdZv2eB9F0842dyJhrIEiGNTcBMpBeGuwGPYxtGLKAESQkzjSjG7dbymQW58y%5EoI3kxYXWfK_Fd3cRGqwPQGp58RvEkzwCaC6PmQgCsK"&gt;https://localhost:8089/services/authentication/httpauth-tokens/vdZv2eB9F0842dyJhrIEiGNTcBMpBeGuwGPYxtGLKAESQkzjSjG7dbymQW58y^oI3kxYXWfK_Fd3cRGqwPQGp58RvEkzwCaC6PmQgCsK&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;As mentioned above we provide no official mechanism for doing this, but you should be able to use the above to achieve the same result.&lt;/P&gt;

&lt;P&gt;Alternatively, since you have CA-Siteminder you should be able to enforce session time limits, through WebAgent-OnAuthAccept-Session-MaxTimeout for example - just note that I am not overly familiar with CA-Siteminder so can't advise on how this should be configured.&lt;/P&gt;</description>
    <pubDate>Mon, 22 Jul 2019 07:15:57 GMT</pubDate>
    <dc:creator>clotti_splunk</dc:creator>
    <dc:date>2019-07-22T07:15:57Z</dc:date>
    <item>
      <title>Session timeout not only for user inactivity- Is there a way to set a &amp;quot;global&amp;quot; session timeout?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/401129#M71425</link>
      <description>&lt;P&gt;Hi guys,&lt;BR /&gt;is there any way to set a "global" session timeout?&lt;BR /&gt;Not only for user inactivity but for all users even if they are working!&lt;BR /&gt;(I know, this look like a stupid question, but the customer asked it for security reason).&lt;BR /&gt;Many thanks.&lt;/P&gt;</description>
      <pubDate>Fri, 05 Aug 2022 14:23:01 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/401129#M71425</guid>
      <dc:creator>clotti_splunk</dc:creator>
      <dc:date>2022-08-05T14:23:01Z</dc:date>
    </item>
    <item>
      <title>Re: Session timeout not only for user inactivity</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/401130#M71426</link>
      <description>&lt;P&gt;Found the solution (thanks to Support). Sharing it for who is interested:&lt;/P&gt;

&lt;P&gt;Within Splunk all user session timeouts are the result of inactivity, so we effectively only close sessions if they exceed the configured idle time and we provide no mechanism to force sessions to expire/terminate.&lt;/P&gt;

&lt;P&gt;However, while it's not a supported feature we do track session tokens, so you could fashion your own solution to delete specific tokens (authentication/httpauth-tokens):&lt;/P&gt;

&lt;P&gt;&lt;A href="https://docs.splunk.com/Documentation/Splunk/7.2.1/RESTREF/RESTaccess#authentication.2Fhttpauth-tokens.2F.7Bname.7D"&gt;https://docs.splunk.com/Documentation/Splunk/7.2.1/RESTREF/RESTaccess#authentication.2Fhttpauth-tokens.2F.7Bname.7D&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;You could query the endpoint to list out all session tokens, then delete the token, for example:&lt;/P&gt;

&lt;P&gt;curl -k -u admin:changeme &lt;A href="https://localhost:8089/services/authentication/httpauth-tokens"&gt;https://localhost:8089/services/authentication/httpauth-tokens&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;curl -k -u admin:changeme --request DELETE &lt;A href="https://localhost:8089/services/authentication/httpauth-tokens/vdZv2eB9F0842dyJhrIEiGNTcBMpBeGuwGPYxtGLKAESQkzjSjG7dbymQW58y%5EoI3kxYXWfK_Fd3cRGqwPQGp58RvEkzwCaC6PmQgCsK"&gt;https://localhost:8089/services/authentication/httpauth-tokens/vdZv2eB9F0842dyJhrIEiGNTcBMpBeGuwGPYxtGLKAESQkzjSjG7dbymQW58y^oI3kxYXWfK_Fd3cRGqwPQGp58RvEkzwCaC6PmQgCsK&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;As mentioned above we provide no official mechanism for doing this, but you should be able to use the above to achieve the same result.&lt;/P&gt;

&lt;P&gt;Alternatively, since you have CA-Siteminder you should be able to enforce session time limits, through WebAgent-OnAuthAccept-Session-MaxTimeout for example - just note that I am not overly familiar with CA-Siteminder so can't advise on how this should be configured.&lt;/P&gt;</description>
      <pubDate>Mon, 22 Jul 2019 07:15:57 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/401130#M71426</guid>
      <dc:creator>clotti_splunk</dc:creator>
      <dc:date>2019-07-22T07:15:57Z</dc:date>
    </item>
    <item>
      <title>Re: Session timeout not only for user inactivity</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/608397#M105566</link>
      <description>&lt;P&gt;Hello, this is really needed feature, also it seems http tokens are not accurate, I had one user without any more token and still doing searches. Thanks.&lt;/P&gt;</description>
      <pubDate>Fri, 05 Aug 2022 07:30:56 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Session-timeout-not-only-for-user-inactivity-Is-there-a-way-to/m-p/608397#M105566</guid>
      <dc:creator>splunkreal</dc:creator>
      <dc:date>2022-08-05T07:30:56Z</dc:date>
    </item>
  </channel>
</rss>

