One important piece of managing user logins in any system is determining the maximum session timeout for users. ServiceNow allows administrators to set a global session timeout or allow users the option of having their session remembered and never logging the user out unless they log out themselves.
In some cases, you may need additional flexibility around these session timings. You might want to time users out of the system after a certain period of time even if they have the ‘Remember me’ checkbox checked. You might also want to evaluate the timeout based on specific user criteria. The base configuration doesn’t allow you to have this kind of flexibility, but you can introduce additional capabilities via a scheduled job script. This solution shows how you can force a session timeout even for users with the ‘Remember me’ checkbox selected.
This configuration can be accomplished in a few simple steps as shown below…
- Create a new system property to store the maximum number of hours of inactivity for ‘Remember me’ logins.
Storing the maximum number of hours in a system property will allow for the modification of the timeout without having to go in and modify the scheduled job script directly.
- Create a new scheduled job to automatically run a script.
The script queries the ‘Logged in Users’ [v_user_session] table for users who haven’t had an active transaction in the last ‘x’ number of hours based on the ‘glide.ui.remember_me_timeout’ property you set up above. If the condition is met, the user session is locked, logging them out of the system. This is based on the mechanism that ServiceNow has to allow admins to log users out of the system manually. Once logged out, the user will be redirected to a login screen upon their next attempted navigation within the system. This script can be further adjusted to calculate the timeout based on minutes or even look at individual user criteria as well.
Description: Log out ‘Remember me’ users after a certain amount of inactivity (in hours).
Value: 24 (or whatever you like)
Name: Force Maximum Inactivity Timeout (Remember me)
Repeat interval: 15 minutes
Run this script:
//Pulls number of hours from 'glide.ui.remember_me_timeout' property
var maxInactiveHours = gs.getProperty('glide.ui.remember_me_timeout');
var sess = new GlideRecord('v_user_session');
sess.addEncodedQuery('user!=guest^last_transaction_timeRELATIVELE@hour@ago@' + maxInactiveHours);
//Optionally test for user-specific criteria here. 'sess.user' contains the user_name so you can query on it.
sess.locked = true;
If you’ve done all of the above steps correctly, you should end up with a simple-to-maintain mechanism for controlling the duration of those ‘Remember me’ sessions automatically.