Q2 R1 2025 Release

Aktualisiert am 29 May 2025
1 Minute zum Lesen

Drucken
Teilen
Dunkel

Licht
pdf

The content is currently unavailable in German. You are viewing the default English version.

Artikel-Zusammenfassung

Fanden Sie diese Zusammenfassung hilfreich?

Vielen Dank für Ihr Feedback

	Q1 R2 2025 Release Last updated: May 29, 2025

Enterprise-grade session management

Enterprise-grade session management

What is new?

We've introduced major improvements to how sessions are managed across Whatfix products, strengthening overall session security and control.

The following table describes the changes for concurrent sessions across product types inactivity timeout, and session expiry for role updates:

Features	Previous Behavior	What's Changed?
Concurrent Sessions	A single user could have multiple active Whatfix sessions.	Whatfix now enforces a limit of one active session. When a user logs into a product, across multiple devices or browsers, the older session is automatically terminated.
Inactivity Timeout	Previously, session timeouts were set to 30 minutes of inactivity, but only triggered if the browser tab was closed. If the tab remains open, user sessions could remain active indefinitely.	The 30-minute timeout is now based on actual user inactivity (no cursor or keyboard movements). If a user is inactive for 30 minutes, their session automatically expires, regardless of whether the browser tab is open. If the Keep me logged in or Remember me checkbox is selected during login, the user is logged out only after 7 days of inactivity.
Role Change Session Expiry	When a user's role is changed, their current session continues with the previous role's permissions until they log out and log back in. During this time, the user might be able to access features and perform actions allowed by their previous role.	User sessions now end immediately when a user's role is changed. For example, when a role is updated from Account Manger to Editor, the user must log in again to perform actions with their updated permissions.

Features

Previous Behavior

What's Changed?

Concurrent Sessions

A single user could have multiple active .

Whatfix now enforces a limit of one active session. When a user logs into a product, across multiple devices or browsers, the older session is automatically terminated.

Inactivity Timeout

Previously, session timeouts were set to 30 minutes of inactivity, but only triggered if the browser tab was closed. If the tab remains open, user sessions could remain active indefinitely.

The 30-minute timeout is now based on actual user inactivity (no cursor or keyboard movements). If a user is inactive for 30 minutes, their session automatically expires, regardless of whether the browser tab is open.

If the Keep me logged in or Remember me checkbox is selected during login, the user is logged out only after 7 days of inactivity.

Role Change Session Expiry

When a user's role is changed, their current session continues with the previous role's permissions until they log out and log back in. During this time, the user might be able to access features and perform actions allowed by their previous role.

User sessions now end immediately when a user's role is changed. For example, when a role is updated from Account Manger to Editor, the user must log in again to perform actions with their updated permissions.

Why does it matter to me?

The following are the benefits:

Limited active sessions prevents unauthorized access.
The new inactivity timeout ensures that even if you step away from your computer, your session won't remain vulnerable.
Immediate session termination upon role changes guarantees that you and your team always have the correct access and permissions, keeping your account and content secure.

How do I do this?

These capabilities are available to all users without any additional configuration.

War dieser Artikel hilfreich?

What's Next

Q1 R2 2025 Veröffentlichung

Inhaltsverzeichnis

Enterprise-grade session management