Session Security in Salesforce.com

In this Salesforce tutorial we look at session security in Salesforce.com: what it is and how to configure the session timeout.

What is session security in salesforce.com?

Session security in Salesforce.com limits exposure to the network when a user leaves their computer unattended while still logged in.

When a user logs in to Salesforce.com, a session cookie is issued to record encrypted authentication information for the duration of the session. Session security limits the user's exposure to the network when they leave their computer unattended while still logged in. Every user can configure the session timeout within the organization. The default session timeout is two hours, and it can be changed. When a user's session times out, a popup window is displayed that asks the user whether to continue working or log out. The user must respond to the dialog; if they do not respond to the session timeout dialog at all, they are automatically logged out.

How to configure session settings in Salesforce.com?

Every Salesforce user can edit these settings with the following steps.

  1. Go to Setup -> Administration Setup -> Security Controls -> Session Settings.
  2. After clicking Session Settings, a new page is displayed that shows settings such as session timeout, session settings, caching, clickjack protection, Cross-Site Request Forgery (CSRF) protection, Content Security Policy protection, session security level and logout page settings.
  3. In the Session timeout section we can set the timeout value from 15 minutes to 12 hours.

  4. Finally, save all the settings.

In the session settings we can also lock sessions to IP addresses and domains, and enable caching and autocomplete on the login page. We can also set a logout page URL in the logout page settings. When the logout URL starts with HTTP or HTTPS, users are redirected to that specific page after they log out of Salesforce.
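
The settings described above can also be reviewed offline once they are retrieved as metadata. The following is an added example, not part of the original tutorial or Salesforce's own tooling: it audits a `Security.settings` document against a baseline. The element names are assumed to follow the Metadata API `SecuritySettings` type and should be checked against the file retrieved from your org; the two-hour baseline and the choice of what counts as a finding are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# sessionTimeout enum values (assumed Metadata API names) in minutes,
# covering the 15-minute to 12-hour range the settings page offers.
TIMEOUT_MINUTES = {
    "FifteenMinutes": 15, "ThirtyMinutes": 30, "SixtyMinutes": 60,
    "TwoHours": 120, "FourHours": 240, "EightHours": 480, "TwelveHours": 720,
}

# Constructed sample for illustration, not exported from a real org.
SAMPLE = """<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">
  <sessionSettings>
    <sessionTimeout>TwelveHours</sessionTimeout>
    <lockSessionsToIp>false</lockSessionsToIp>
    <lockSessionsToDomain>true</lockSessionsToDomain>
    <enableCacheAndAutocomplete>true</enableCacheAndAutocomplete>
    <logoutURL>http://intranet.example.com/signed-out</logoutURL>
  </sessionSettings>
</SecuritySettings>"""


def audit_session_settings(xml_text, max_minutes=120):
    """Return findings for one Security.settings document (empty list = clean)."""
    session = ET.fromstring(xml_text).find("md:sessionSettings", NS)
    if session is None:
        return ["no sessionSettings element found"]

    def value(name):
        return (session.findtext(f"md:{name}", default="", namespaces=NS) or "").strip()

    findings = []
    timeout = value("sessionTimeout")
    minutes = TIMEOUT_MINUTES.get(timeout)
    if minutes is None:
        findings.append(f"sessionTimeout missing or unrecognised: {timeout!r}")
    elif minutes > max_minutes:
        findings.append(f"sessionTimeout is {minutes} min, above the {max_minutes} min baseline")
    for flag in ("lockSessionsToIp", "lockSessionsToDomain"):
        if value(flag).lower() != "true":
            findings.append(f"{flag} is not enabled")
    if value("enableCacheAndAutocomplete").lower() == "true":
        findings.append("login page caching and autocomplete are enabled")
    logout = value("logoutURL")
    if logout and not logout.lower().startswith("https://"):
        findings.append(f"logoutURL is not HTTPS: {logout}")
    return findings
```

Calling `audit_session_settings(SAMPLE)` returns one finding per setting that deviates from the baseline; pass a different `max_minutes` to match your organization's own timeout policy.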