Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

JSS Web Interface Timeout

We currently edit the /Library/Tomcat/webapps/ROOT/WEB-INF/ file to increase the Session-Timeout value. It would be great if we could do this from the Settings tab of the JSS interface instead.

Comment

Posted: 11/22/11 at 7:36 AM by jarednichols

While nice, this presents a security issue. To edit those files, you need root privileges. This means your JSS is running as a user with sudo rights.

Um, no.

Like

Posted: 11/22/11 at 1:12 PM by quedayone

Funny I was just going to add this feature request.
I share the same security concerns as Jared. Is there some happy medium?
Something perhaps in the JSS setup utility?

Like

Posted: 11/28/11 at 8:07 AM by jarednichols

Something perhaps in the JSS setup utility?

That would be preferred for folks not comfortable mucking around on the command line in important files.

Like

Posted: 12/5/12 at 10:25 AM by kristinlynch

I understand the security issue. And I have no intention of changing files from the command line. However, there should still be an option to reasonably extend the timeout within the JSS to something beyond what it is now.

Like

Posted: 9/12/13 at 8:37 AM by stutz

Those who are wondering where the timeout feature is located in v9.0.1:

C:\Program Files\JSS\Tomcat\cong\web.xml

Do a find for "session" and you will get to the part of the file that controls the session timeout.

Like

Posted: 9/19/13 at 9:20 AM by clifhirtle

Can this timeout vary based on browser ID?

Accessing JSS via mobile and having to login each time continues to be a reason I keep the old JSS Mobile app (and its app-cached credentials) kicking around on my iPad/iPhone.

Like

Posted: 11/26/13 at 8:37 AM by cdenesha

I would like to be able to configure this somewhere besides a settings file, which from what I read on another thread I'll need to update each time I upgrade. Perhaps the setup utility or DB/Tomcat utility, if the settings 'stick'.

Like

Posted: 2/25/14 at 11:05 AM by justin

i've been asking for the same thing. great idea. the timeout is frustratingly quick.

Like

Posted: 5/6/14 at 3:14 PM by spalmer

Instead of a longer timeout how about mimicking other systems in that there is a check box at the login window to "Keep me logged in" similar to what other services do, like Exchange. You could supplement this by putting a big warning notice to only do this on your own computer and not on "public" computers. I would suggest that this checkbox still has a timeout associated with it that can be configured in the JSS, but it should be a very high number, like 8 or 10 hours, by default so that you can get through a work day without constantly logging back in.

I will try to embed a quick and dirty mockup below. My apologies if this doesn't work:
external image link

And I have to add that I hope that something is implemented very soon. I am very tired of signing into the JSS 10 to 20 times a day. The feature added in 9.2x (or 9.1x, I can't remember) that warns you the session is about to expire allowing you to extend it is not really helpful at all because I always miss those warnings. On average I have about 5 to 10 browser windows open based on projects I am working on spread across several different virtual desktops, a.k.a "Spaces", and in each browser window I can have anywhere from 5 to 10 tabs open. One of my windows is usually dedicated to working on our JSS and it is always a pain juggling those 5 to 10 tabs in that window making sure one of them hasn't started the process of timing out.

Like

Posted: 5/7/14 at 9:39 AM by clifhirtle

Agreed @spalmer. One of the things I loved about the older JSS Mobile apps was the auto-auth back into the JSS, saving the trouble of thumbing out complex passwords on the go. Love to see some means of reducing the pain of managing the JSS on the go.

Like

Posted: 9/2/15 at 7:43 AM by cdenesha

Now that we are Hosted I can no longer extend my timeout from 30 minutes to 90 (what I thought was a reasonable compromise between availability and security). We also lock our machines when we step away.

Please put this setting into the GUI.

Thank you,

chris

Like

Posted: 3/30/16 at 9:45 AM by theresa

Add this to the GUI please ... !!!!

Like

Posted: 3/30/16 at 3:33 PM by iOSGenius

This would be helpful in the GUI, for the time being I have my Safari or Chrome browser save the login and password so when i visit again it will populate automatically. Though it would be helpful when on a computer that is public as then i have to pull up my 1Password or Roboform App to recall the password -

Please add to help us -

Like

Posted: 4/4/16 at 8:12 AM by CasperSally

please add this to GUI as one less thing for me to check doesn't change on every upgrade.

Like

Posted: 4/4/16 at 12:51 PM by murph

I get tired of changing this after every update.

Like

Posted: 9/28/16 at 11:00 AM by cscsit

Please! Please add this to the GUI! I get so sick and tired of being logged out every 5 minutes. It feels like I spend more time logging in than I do using the program.

Like

Posted: 9/29/16 at 6:20 AM by AVmcclint

After upgrading to 9.8 the lines in the xml files where I edited the timeout period previously were actually removed. Gone. It is very frustrating not only that we can't set this timeout period via the JSS, but that the lines where we would do it manually were removed.

Like

Posted: 10/4/16 at 2:39 PM by djwojo

What if we did this on a per account basis? For example: we want to run the dashboard page for x number of minutes under a specific read only ID for an executive overview. Being a read only account would limit the security risk.

Like

Posted: 2/1/17 at 11:36 PM by ttyler

Bump up for those using jamfcloud... and trying to upload an OS image.

Like

Posted: 4/14/17 at 11:44 AM by barnesaw

Making it so an JSS upgrade didn't destroy this setting would also be an acceptable workaround

Like

Posted: 8/9/17 at 7:58 AM by jwalters310

Add me to the list of users who gets tired of logging in all the time. Even when I am working in the program it still somehow manages to log me out.

Like

Posted: 8/9/17 at 9:41 AM by mm2270

I'm also getting annoyed with the short timeout setting. It didn't bother me so much before, but what I've noticed since upgrading to 9.99.0 is that when I get the "You've been logged out" type of message, there is now a button to re login. Unfortunately, about 80% of the time clicking that ends up causing my entire browser session to lock up. Any other open tabs become unresponsive and I need to close all tabs or sometimes force quit the browser. So not only does it log me out too frequently, if I want to be able to continue to work, I have to close all windows/tabs and start over. This is a major time waster! I hope this gets addressed in a future release, or, is it already better under 9.100?

Anyway, add me to the list of those wanting to see this in the GUI. If Jamf is concerned some customers will compromise their security by bumping it up too high, how about only containing some preset values? Like a drop down with some reasonable values going from "Very Secure" to "Light Security" where the latter would be the longest reasonable timeout (90 minutes or 2 hours for example) Give us some ability to control this and make our own decisions here, please!

Like

Posted: 8/9/17 at 12:46 PM by spalmer

I have also noticed a change in behavior, back when we upgrade to 9.93, that it also refreshes the entire page even if you catch it while it is counting down before timing out by clicking the Continue button.

This is very frustrating especially if this happens on a page where I was in the middle of editing a policy or where I am filtering policies or had some policies hidden or expanded to help find something. When I click Continue to avoid getting logged out it completely refreshes the page wiping out every thing I did. In previous versions when you caught it before the countdown ended the dialog just disappeared without refreshing the page so that you could continue with what you were working on.

I tend to by a typical busy IT admin constantly bouncing between many projects, meetings and interruptions and I typically have many (like 10 to 20) tabs open for our JSS most of the time so I would prefer that I not get kicked off of what I was doing especially if I catch the warning and click continue before the timeout completely logs me out. It would be a huge time saver to go back to the old method where it did not wipe out my work, and it would be even better if it also remembered my state even if the countdown finishes and kicks me off. That way I could log back in and start exactly where I left off.

The length of the timeout was barely tolerable before this change, but now that my in-progress work gets wiped when I click on Continue on the timeout countdown it is super frustrating.

And here we are with yet another feature request from almost six years ago with a large number of votes and marked as "Under Review" that seems to have stagnated and gone nowhere. In those six years it could have saved me thousands of re-logins and time not spent getting back to a state I was previously in before getting kicked off.

Like

Posted: 8/18/17 at 4:09 PM by LukeMason

Another frustrating thing I've noticed (at least using Safari) is that if you have multiple JSS tabs open then they time-out independantly and if one of your tabs timeouts and you go to "re-login" to one, then it kicks you out of all of the other tabs... This is very frustrating.

Like

Posted: 8/19/17 at 8:58 AM by howie_isaacks

Jamf should leave the timeout value up to us, the administrators. We know best how we want to use the product. I can do this with other web applications, but not Jamf Pro.

Like

Posted: 9/13/17 at 3:08 PM by mm2270

I gotta throw in another "Please do this!" here. The amount of times I am logged out of the web UI within the space of even an hour is simply absurd. Unless I'm literally working within the UI almost every 2 minutes it feels like I'm being booted off. It's incredibly frustrating! I'm the only person who uses the JSS. I lock my computer if I have to leave it for even 10 seconds. I need to be able to stay logged in for longer lengths of time without worrying that if I haven't used it in the last couple of minutes that I will get bounced out.

And to add insult to injury, the issue I mentioned in my post above from 8/9 is a serious pain and is still a problem in the version I'm on. I CANNOT click that Login button when I'm logged out or it causes my whole browser to hang up, and I end up needing to force quit it. Seriously, this is a major hindrance to getting actual work done!

It's such a pain that I am probably just going to go into the web.xml setting and make the necessary bump. I was trying to not do that, but I just can't handle the super fast timeout anymore.

Like

Posted: 11/3/17 at 1:47 PM by murph

I take it this didn't make it into v10.0 either?

Like