User sessions are cleared when a user tries to log in, and sessions are cleared every 24 hours from the sessions database table. Configure session lengths by going to System Console > Environment > Session Lengths, or by editing the config.json file as described in the following tables. Changes to configuration settings in this section require a server restart before taking effect.

Extend session length with activity#

Also available in legacy Mattermost Enterprise Edition E10 or E20

Improves the user experience by extending sessions and keeping users logged in if they are active in their Mattermost apps.

true: (Default) Sessions are automatically extended when users are active in their Mattermost client. User sessions only expire when users aren’t active in their Mattermost client for the entire duration of the session lengths defined.
false: Sessions won’t extend with activity in Mattermost. User sessions immediately expire at the end of the session length or based on the session idle timeout configured.

System Config path: Environment > Session Lengths
config.json setting: ".ServiceSettings.ExtendSessionLengthWithActivity: true,
Environment variable: MM_SERVICESETTINGS_EXTENDSESSONLENGTHWITHACTIVITY

Session length for AD/LDAP and email#

Also available in legacy Mattermost Enterprise Edition E10 or E20

Set the number of hours counted from the last time a user entered their credentials into the web app or the desktop app to the expiry of the user’s session on email and AD/LDAP authentication.

Numerical input in hours. Default is 720 hours.

System Config path: Environment > Session Lengths
config.json setting: ".ServiceSettings.SessionLengthWebInHours: 720,
Environment variable: MM_SERVICESETTINGS_SESSONLENGTHWEBINHOURS

Note: After changing this setting, the new session length takes effect after the next time the user enters their credentials.

Session length for mobile#

Also available in legacy Mattermost Enterprise Edition E10 or E20

Set the number of hours counted from the last time a user entered their credential into the mobile app to the expiry of the user’s session.

Numerical input in hours. Default is 720 hours.

System Config path: Environment > Session Lengths
config.json setting: ".ServiceSettings.SessionLengthMobileInHours: 720,
Environment variable: MM_SERVICESETTINGS_SESSONLENGTHMOBILEINHOURS

Note: After changing this setting, the new session length takes effect after the next time the user enters their credentials.

Session length for SSO#

Also available in legacy Mattermost Enterprise Edition E10 or E20

Set the number of hours from the last time a user entered their SSO credentials to the expiry of the user’s session. This setting defines the session length for SSO authentication, such as SAML, GitLab, and OAuth 2.0.

Numerical input in hours. Default is 720 hours. Numbers as decimals are also valid values for this configuration setting.

System Config path: Environment > Session Lengths
config.json setting: ".ServiceSettings.SessionLengthSSOInHours: 720,
Environment variable: MM_SERVICESETTINGS_SESSONLENGTHSSOINHOURS

Notes:

After changing this setting, the new session length takes effect after the next time the user enters their credentials.
If the authentication method is SAML, GitLab, or OAuth 2.0, users may automatically be logged back in to Mattermost if they are already logged in to SAML, GitLab, or with OAuth 2.0.

Session cache#

Also available in legacy Mattermost Enterprise Edition E10 or E20

Set the number of minutes to cache a session in memory.

Numerical input in minutes. Default is 10 minutes.

System Config path: Environment > Session Lengths
config.json setting: ".ServiceSettings.SessionCacheInMinutes: 10,
Environment variable: MM_SERVICESETTINGS_SESSONCACHEINMINUTES

Session idle timeout#

Also available in legacy Mattermost Enterprise Edition E10 or E20

The number of minutes from the last time a user was active on the system to the expiry of the user’s session. Once expired, the user will need to log in to continue.

Numerical input in minutes. Default is 43200 (30 days). Minimum value is 5 minutes, and a value of 0 sets the time as unlimited.

System Config path: N/A
config.json setting: ".ServiceSettings.SessionIdleTimeoutInMinutes: 43200,
Environment variable: MM_SERVICESETTINGS_SESSONIDLETIMEOUTINMINUTES

Notes:

This setting has no effect when extend session length with activity is set to true.
This setting applies to the webapp and the desktop app. For mobile apps, use an EMM provider to lock the app when not in use.
In high availability mode, enable IP hash load balancing for reliable timeout measurement.