Hello,
What's the disadvantage if I increase the timeout from 60 minutes to 600 minutes, for example? Can I do that worry-free?
Background: We would like to use the new app "Confluence Server" without many logouts.
Best Regards
Florian
Hello Florian,
That's probably what the "Remember Me" function is for, when logging in. I would say that automatic logout is more like a security function. If you click on "Remember Me", Confluence should not log you out, until your session or cookies are valid.
Regards,
František Špaček.
Hello František,
Thank you for the feedback.
What exactly is the "remember me" function?
Where can I find it?
We use SAML (SingleSignOn). Maybe this function does not exist at all with us.
Best Regards
Florian
Hello Florian,
The "remember me" function is in the login form. Do you use the Confluence login form, or do you have some kind of other login form outside Confluence?
If you use this function, it should save a cookie into your browser, and every time you access Confluence it checks for this cookie and you should stay logged in (till the cookie is invalidated). That will make your users stay logged in without logouts, and you can still maintain the 60-minute timeout. The timeout is applied when the user stops using the application. So if you return after more than 60 minutes, it checks for your session (which is expired), but if you use the Remember me function, it will validate the cookie and log you in automatically, so the user won't notice. If this is not the case or not an answer, I am sorry if I got you wrong.
Anyway, about increasing the default timeout: it really depends on lots of things. The biggest disadvantage of that lies in security breaches. It depends on many things, like whether the app is hidden behind a VPN, what data you store on Confluence (or will store), how badly a security breach will affect your business, and so on. In general, some high-risk apps have the session timeout set to 2 - 3 minutes, so if you don't touch the app for a short time, you need to validate again. It is mostly up to you what time you set for this; it should not affect much on the server side. This is rather a security feature.
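Added example, not part of the original thread and not Confluence's own code: a simplified Python model of the idle timeout and remember-me cookie described above, showing what a replayed session cookie gets under a 60-minute versus a 600-minute timeout. The class and function names, the 14-day token lifetime and the single-use token rotation are assumptions made for illustration.

```python
import hashlib
import secrets

class SessionModel:
    """Simplified model of idle timeout plus a remember-me cookie (not Confluence code)."""

    def __init__(self, idle_timeout_min, remember_me_days=14):  # 14 days is an assumed value
        self.idle_timeout = idle_timeout_min * 60
        self.remember_ttl = remember_me_days * 86400
        self.sessions = {}   # session id -> (user, last activity time in seconds)
        self.remember = {}   # sha256(token) -> (user, expiry time in seconds)

    def login(self, user, now, remember_me=False):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, now)
        token = self._issue_token(user, now) if remember_me else None
        return sid, token

    def _issue_token(self, user, now):
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked server-side table does not yield usable cookies.
        key = hashlib.sha256(token.encode()).hexdigest()
        self.remember[key] = (user, now + self.remember_ttl)
        return token

    def request(self, sid, token, now):
        """Return (status, sid, token) for one request carrying these cookies."""
        entry = self.sessions.get(sid)
        if entry and now - entry[1] <= self.idle_timeout:
            self.sessions[sid] = (entry[0], now)   # activity resets the idle timer
            return "session", sid, token
        self.sessions.pop(sid, None)               # idle too long: the session is dropped
        if token:
            key = hashlib.sha256(token.encode()).hexdigest()
            user, expiry = self.remember.pop(key, (None, 0))  # single use: rotated below
            if user and now <= expiry:
                new_sid, new_token = self.login(user, now, remember_me=True)
                return "remembered", new_sid, new_token
        return "login_required", None, None

def replay_after_idle(idle_timeout_min, idle_min):
    """Status when a copied session cookie (no remember-me token) is replayed after idle_min minutes."""
    model = SessionModel(idle_timeout_min)
    sid, _ = model.login("florian", now=0)
    return model.request(sid, None, now=idle_min * 60)[0]
```

With the timeout at 60 minutes, a session cookie copied from an unattended browser is useless after an hour of inactivity; at 600 minutes the same cookie is still accepted, which is the exposure the longer timeout buys.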
Many Thanks.
We do not currently use the standard login form.
The assessment and the description helped me a lot.
We will check our Security Requirements.
No problems, I was happy to help!
You can check other cool discussions about it, for example here:
https://security.stackexchange.com/questions/106786/how-long-should-a-session-absolute-timeout-be
Have a nice day.
Regards,
František Špaček