+ Start a Discussion
Narendran E 12Narendran E 12 

Salesforce session id changes after session timeout and not logged out the user

I have set the session timeout value to 30 min and enabled "force logout on session timeout" in session settings. I have logged in a salesforce user and kept him idle for more than 30 min. After 40 min, i refreshed the page and noticed that the salesforce session id is being changed and the salesforce session is still active and doesn't logout the user. I didn't also get any warning for the session timeout. Please note that i have not enabled the option "Disable session timeout warning popup"

Can anyone help me on why the user is not logged out eventhough the force logout is enabled? Is there any way to find whether its a new session or renewed session?
anand k 11anand k 11
Hi Narendran,

Determines whether an administrator who is logged in as another user is returned to their previous session after logging out as the secondary user.If the option is enabled, an administrator must log in again to continue using Salesforce after logging out as the user; otherwise, the administrator is returned to the original session after logging out as the user. This option is enabled by default for new organizations beginning with the Summer ‘14 release.

Length of time after which the system logs out inactive users. For Portal users, the timeout is between 10 minutes and 12 hours even though you can only set it as low as 15 minutes. Select a value between 15 minutes and 12 hours. Choose a shorter timeout period if your organization has sensitive information and you want to enforce stricter security.

The last active session time value isn’t updated until halfway through the timeout period. So if you have a 30-minute timeout, the system doesn’t check for activity until 15 minutes have passed. For example, if you update a record after 10 minutes, the last active session time value isn’t updated because there was no activity after 15 minutes. You’re logged out in 20 more minutes (30 minutes total), because the last active session time wasn’t updated. Suppose that you update a record after 20 minutes. That’s 5 minutes after the last active session time is checked. Your timeout resets, and you have another 30 minutes before being logged out, for a total of 50 minutes.