Session Control and Expiration
When a user is authenticated in ClickHelp with a token, with SSO, or through the ClickHelp Login page, they get an authentication cookie set in their web browser. This cookie is valid for 48 hours.
In ClickHelp, we use the sliding expiration approach, which means the following:
- The expiration time is automatically renewed for another 48 hours only if a user uses a portal after 24 hours from when the cookie was created/updated.
- If a user uses a portal within 24 hours from when the cookie was created/updated, renewal does not happen.
|
Note |
| The session is renewed only when a user performs active actions in the portal. For example, if they leave the browser's tab open, the session will expire within 48 hours after the last action, and the user will be logged out. | |
If a user does not access the portal for 48 hours after the cookie was created/updated, the cookie expires — next time the user tries to open a protected guide, the authentication process will be triggered. This may be the SSO authentication sequence or the ClickHelp Login page — this is based on the portal SSO configuration.
In the situation of an expired session, if the link used by the visitor contains a valid login token, the system will use this token to authenticate the visitor. The visitor's browser gets a new authentication cookie that will be valid for 48 hours.