Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Set a Timeout Interval for Inactive Web Sessions

The Oracle ILOM web session timeout intervals provide security for web access users who forget to log out. The web session time-out intervals determine how many minutes can lapse until an inactive HTTP or HTTPS web session is automatically logged out. This feature reduces the risk of an unauthorized user finding an unattended computer with an established authenticated web session to Oracle ILOM.

To view or modify the web session time-out intervals set for HTTP and HTTPS sessions, see the following web-based instructions.

Before You Begin

  • The default web session time-out interval set for HTTP and HTTPS connections is 15 minutes.


    Note - Lowering the session time-out might cause users to have to re-enter his or her user name and password more often, as sessions expire. However, lowering the session time-out will shorten the amount of time during which unattended authenticated web sessions remain active.
  • Admin (a) role is required to modify the web server properties

  • The HTTP and HTTPS session time-out interval properties are only configurable in Oracle ILOM for server SPs running firmware release 3.0.4 or later.

  1. Navigate to the Web Server page.

    For instance, in the:

    • 3.0.x web interface, click Configuration -> System Management Access -> Web Server.
    • 3.1 and later web interface, click ILOM Administration -> Management Access -> Web Server.
  2. In the Web Server page, perform the following:
    1. Navigate to the HTTP or HTTP Session Timeout property.
    2. Enter a number between 1-720 minutes to specify how many minutes can lapse until an inactive web session is automatically logged out.
    3. Click Save to apply the changes.

Related Information