Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. If you like what you see, join us in person at the ninth annual Jamf Nation User Conference (JNUC) this October for three days of learning, laughter and IT love.

JSS Web Interface Timeout

We currently edit the /Library/Tomcat/webapps/ROOT/WEB-INF/ file to increase the Session-Timeout value. It would be great if we could do this from the Settings tab of the JSS interface instead.

Comment
Order by:

Posted: by jarednichols

While nice, this presents a security issue. To edit those files, you need root privileges. This means your JSS is running as a user with sudo rights.

Um, no.

Like

Posted: by quedayone

Funny I was just going to add this feature request.
I share the same security concerns as Jared. Is there some happy medium?
Something perhaps in the JSS setup utility?

Like

Posted: by jarednichols

Something perhaps in the JSS setup utility?

That would be preferred for folks not comfortable mucking around on the command line in important files.

Like

Posted: by kristinlynch

I understand the security issue. And I have no intention of changing files from the command line. However, there should still be an option to reasonably extend the timeout within the JSS to something beyond what it is now.

Like

Posted: by stutz

Those who are wondering where the timeout feature is located in v9.0.1:

C:\Program Files\JSS\Tomcat\cong\web.xml

Do a find for "session" and you will get to the part of the file that controls the session timeout.

Like

Posted: by clifhirtle

Can this timeout vary based on browser ID?

Accessing JSS via mobile and having to login each time continues to be a reason I keep the old JSS Mobile app (and its app-cached credentials) kicking around on my iPad/iPhone.

Like

Posted: by cdenesha

I would like to be able to configure this somewhere besides a settings file, which from what I read on another thread I'll need to update each time I upgrade. Perhaps the setup utility or DB/Tomcat utility, if the settings 'stick'.

Like

Posted: by justin

i've been asking for the same thing. great idea. the timeout is frustratingly quick.

Like

Posted: by spalmer

Instead of a longer timeout how about mimicking other systems in that there is a check box at the login window to "Keep me logged in" similar to what other services do, like Exchange. You could supplement this by putting a big warning notice to only do this on your own computer and not on "public" computers. I would suggest that this checkbox still has a timeout associated with it that can be configured in the JSS, but it should be a very high number, like 8 or 10 hours, by default so that you can get through a work day without constantly logging back in.

I will try to embed a quick and dirty mockup below. My apologies if this doesn't work:
external image link

And I have to add that I hope that something is implemented very soon. I am very tired of signing into the JSS 10 to 20 times a day. The feature added in 9.2x (or 9.1x, I can't remember) that warns you the session is about to expire allowing you to extend it is not really helpful at all because I always miss those warnings. On average I have about 5 to 10 browser windows open based on projects I am working on spread across several different virtual desktops, a.k.a "Spaces", and in each browser window I can have anywhere from 5 to 10 tabs open. One of my windows is usually dedicated to working on our JSS and it is always a pain juggling those 5 to 10 tabs in that window making sure one of them hasn't started the process of timing out.

Like

Posted: by clifhirtle

Agreed @spalmer. One of the things I loved about the older JSS Mobile apps was the auto-auth back into the JSS, saving the trouble of thumbing out complex passwords on the go. Love to see some means of reducing the pain of managing the JSS on the go.

Like

Posted: by cdenesha

Now that we are Hosted I can no longer extend my timeout from 30 minutes to 90 (what I thought was a reasonable compromise between availability and security). We also lock our machines when we step away.

Please put this setting into the GUI.

Thank you,

chris

Like

Posted: by theresa

Add this to the GUI please ... !!!!

Like

Posted: by iOSGenius

This would be helpful in the GUI, for the time being I have my Safari or Chrome browser save the login and password so when i visit again it will populate automatically. Though it would be helpful when on a computer that is public as then i have to pull up my 1Password or Roboform App to recall the password -

Please add to help us -

Like

Posted: by CasperSally

please add this to GUI as one less thing for me to check doesn't change on every upgrade.

Like

Posted: by murph

I get tired of changing this after every update.

Like

Posted: by cscsit

Please! Please add this to the GUI! I get so sick and tired of being logged out every 5 minutes. It feels like I spend more time logging in than I do using the program.

Like

Posted: by AVmcclint

After upgrading to 9.8 the lines in the xml files where I edited the timeout period previously were actually removed. Gone. It is very frustrating not only that we can't set this timeout period via the JSS, but that the lines where we would do it manually were removed.

Like

Posted: by djwojo

What if we did this on a per account basis? For example: we want to run the dashboard page for x number of minutes under a specific read only ID for an executive overview. Being a read only account would limit the security risk.

Like

Posted: by ttyler

Bump up for those using jamfcloud... and trying to upload an OS image.

Like

Posted: by barnesaw

Making it so an JSS upgrade didn't destroy this setting would also be an acceptable workaround

Like

Posted: by jwalters310

Add me to the list of users who gets tired of logging in all the time. Even when I am working in the program it still somehow manages to log me out.

Like

Posted: by mm2270

I'm also getting annoyed with the short timeout setting. It didn't bother me so much before, but what I've noticed since upgrading to 9.99.0 is that when I get the "You've been logged out" type of message, there is now a button to re login. Unfortunately, about 80% of the time clicking that ends up causing my entire browser session to lock up. Any other open tabs become unresponsive and I need to close all tabs or sometimes force quit the browser. So not only does it log me out too frequently, if I want to be able to continue to work, I have to close all windows/tabs and start over. This is a major time waster! I hope this gets addressed in a future release, or, is it already better under 9.100?

Anyway, add me to the list of those wanting to see this in the GUI. If Jamf is concerned some customers will compromise their security by bumping it up too high, how about only containing some preset values? Like a drop down with some reasonable values going from "Very Secure" to "Light Security" where the latter would be the longest reasonable timeout (90 minutes or 2 hours for example) Give us some ability to control this and make our own decisions here, please!

Like

Posted: by spalmer

I have also noticed a change in behavior, back when we upgrade to 9.93, that it also refreshes the entire page even if you catch it while it is counting down before timing out by clicking the Continue button.

This is very frustrating especially if this happens on a page where I was in the middle of editing a policy or where I am filtering policies or had some policies hidden or expanded to help find something. When I click Continue to avoid getting logged out it completely refreshes the page wiping out every thing I did. In previous versions when you caught it before the countdown ended the dialog just disappeared without refreshing the page so that you could continue with what you were working on.

I tend to by a typical busy IT admin constantly bouncing between many projects, meetings and interruptions and I typically have many (like 10 to 20) tabs open for our JSS most of the time so I would prefer that I not get kicked off of what I was doing especially if I catch the warning and click continue before the timeout completely logs me out. It would be a huge time saver to go back to the old method where it did not wipe out my work, and it would be even better if it also remembered my state even if the countdown finishes and kicks me off. That way I could log back in and start exactly where I left off.

The length of the timeout was barely tolerable before this change, but now that my in-progress work gets wiped when I click on Continue on the timeout countdown it is super frustrating.

And here we are with yet another feature request from almost six years ago with a large number of votes and marked as "Under Review" that seems to have stagnated and gone nowhere. In those six years it could have saved me thousands of re-logins and time not spent getting back to a state I was previously in before getting kicked off.

Like

Posted: by LukeMason

Another frustrating thing I've noticed (at least using Safari) is that if you have multiple JSS tabs open then they time-out independantly and if one of your tabs timeouts and you go to "re-login" to one, then it kicks you out of all of the other tabs... This is very frustrating.

Like

Posted: by howie_isaacks

Jamf should leave the timeout value up to us, the administrators. We know best how we want to use the product. I can do this with other web applications, but not Jamf Pro.

Like

Posted: by mm2270

I gotta throw in another "Please do this!" here. The amount of times I am logged out of the web UI within the space of even an hour is simply absurd. Unless I'm literally working within the UI almost every 2 minutes it feels like I'm being booted off. It's incredibly frustrating! I'm the only person who uses the JSS. I lock my computer if I have to leave it for even 10 seconds. I need to be able to stay logged in for longer lengths of time without worrying that if I haven't used it in the last couple of minutes that I will get bounced out.

And to add insult to injury, the issue I mentioned in my post above from 8/9 is a serious pain and is still a problem in the version I'm on. I CANNOT click that Login button when I'm logged out or it causes my whole browser to hang up, and I end up needing to force quit it. Seriously, this is a major hindrance to getting actual work done!

It's such a pain that I am probably just going to go into the web.xml setting and make the necessary bump. I was trying to not do that, but I just can't handle the super fast timeout anymore.

Like

Posted: by murph

I take it this didn't make it into v10.0 either?

Like

Posted: by thejenbot

i see that this duplicate-ish request was supposedly implemented, and when i'm in my jss running 9.101.blahblahwhatever i do see a dialog box pop up saying "Session Expiring - Your session will expire in 60 second"s - and then it starts counting down. my options are "Logout" and "Continue", so logically when i click on Continue i would expect that it would let me actually continue my session - but it boots me back to the login screen. so i now ask - what is the point of that Continue button if it doesn't actually work?

i mean, it's nice that now you're alerted that you're timing out, but to be teased with the word Continue when it's clear a continuation of your session isn't currently possible is just stupid. how about "you've timed out," or "you're going to time out in 60 seconds unless you want to speed that process up, in which case click either of these buttons that have two different words on them - they both do the same thing. we programmed it to do that because we can and there isn't a thing you can do about it."

Like

Posted: by spalmer

To add to this I have noticed (at least since we upgraded to 9.100.0 a few months ago) that I can be actively working and have it start counting down on me.

This just happened to me again this morning. The countdown timer kicked on literally about 1 minute after I clicked on a plus/expand button on the policy page. This is extremely frustrating because I was browsing through a list of 3,000 policies sometimes filtering by different terms and expanding policies to look at more detail. Sometimes I would leave them expanded to remember which ones I need to go back and look at in more detail and then lose my place because clicking "Continue" reloads the screen.

So it is not a very good timeout system because it isn't accurately looking at all types of active things you are doing to determine when to timeout.

Like

Posted: by AVmcclint

I have found that when I get the prompt to continue, if I just press Cmd-R to reload the page, it refreshes my connection. If I reload the page well after the countdown has long since expired, I will still have to login again. I never click Continue because it rarely ever works anyway.

Like

Posted: by spalmer

Clicking Continue either reloads the page if the timeout hasn't expired or kicks you off to a login screen if the has expired both of which are effectively the same affect as Cmd-R in that it kills any work in progress.

Sometimes I don't want to do any of those actions because they will all lose any unsaved work I might have (if say, I got interrupted by a phone call or somebody stopping by my office).

The Continue button should only ever reset the timer and get rid of the dialog box. It should never reload the page. That's like macOS attempting to restart for an OS update and when its blocked by an unsaved Word document you cancel the restart only to have all unsaved changes in your Word document erased.

Like