Understanding Sessions and Idle Timeout

Session Management

Boottify uses secure sessions to keep you authenticated. Understanding how sessions work helps you stay productive and secure.

How Sessions Work

When you sign in, Boottify creates a secure session linked to your browser. Key details:

• Sessions are stored server-side and identified by a secure session cookie.
• The cookie is HTTP-only and secure — it cannot be accessed by JavaScript and is only sent over HTTPS.
• Each session is tied to a specific browser/device.

Idle Timeout (15 Minutes)

For security, Boottify implements a 15-minute idle timeout:

• If you don't interact with the platform for 15 minutes, your session is automatically ended.
• A warning notification appears at 2 minutes and 1 minute before timeout.
• Any interaction (clicking, typing, scrolling) resets the idle timer.
• A periodic heartbeat request keeps your session fresh while you're active.

Managing Active Sessions

You can view and manage all your active sessions:

1. Go to Settings → Security.
2. Click Active Sessions to see a list of all devices where you're signed in.
3. Each entry shows the browser, operating system, IP address, and last activity time.
4. Click Revoke on any session to immediately sign out that device.

Automatic Sign-Out

You will be automatically signed out when:

• The idle timeout expires (15 minutes of inactivity).
• You click Sign Out from the user menu.
• An admin revokes your session.
• Your account is deactivated.

Security Best Practices

• Always sign out when using shared or public computers.
• Regularly review your active sessions for any unfamiliar devices.
• Enable 2FA for additional protection even if your session is compromised.