When any user logs in, the session created should only be used by that one individual and never shared (just as login details should never be shared).\u00a0 W2W has different security features that assist in this effort, which prevent users from sharing active session links and blocking others from attempting to use the same session on another device or location.\u00a0<\/p>\n
Our system will always attempt to create a device-specific session whenever possible.\u00a0 This is achieved when, upon a successful login from either our secure desktop or mobile login pages, our system places a small plain text file (referred to as a \u2018cookie\u2019) on the device.\u00a0 With device specific sessions, use of the particular session can only be provided if the associated cookie data and browser version are available and verified.\u00a0 Note the cookie data is not used for any other purpose nor tracking, just for identifying if session is being used on same device.
\n\u00a0
\nWe offer two different session security levels, and for most organizations we recommend \u201cLevel 2\u201d as that offers the most security while still allowing universal access.\u00a0 Please review the differences offered for each Level below before changing this setting option.<\/p>\n
This lowest level of session security will still attempt to create a device-specific session whenever possible, but if user does not allow cookies it will allow user to continue through a non device-specific session anyway.\u00a0 Also, with this level there is no IP-specific restrictions, so the session can continue if the IP address changes during the session.\u00a0 This level is not recommended unless in extreme case where an organization both requires no cookie use and also has load balancing software that changes IP addresses often.\u00a0<\/p>\n
This level of session security will attempt to create a device-specific session whenever possible, but if the user does not allow cookies it will allow user to continue the session anyway.\u00a0 Any use of a non device-specific desktop session will require a static IP address, so it will block any attempt to use session on a different IP address.\u00a0 Note mobile sessions do not require a static IP address, since cellular data can change address locations, so please see final note below about how to ensure sessions are ended when complete.\u00a0\u00a0 This level is recommended for most organizations as it allows access to all users and ensure will have either device-specific sessions or IP-specific desktop sessions.<\/p>\n
As a convenience, device-specific sessions do not automatically time out, and non device-specific sessions will time out after 20 minutes of non-use.\u00a0 It is recommended that all users end their sessions by using the \u201cSign Out\u201d option as this ends their particular session so cannot be accessed again, even if attempted from the same device and same IP address.\u00a0 This is critically important when using a shared device.<\/p>\n
<\/p>\n
<\/p>\n
employee kicked out, expired session, error message kicks me out off<\/span><\/p>\n","protected":false},"excerpt":{"rendered":" When any user logs in, the session created should only be used by that one individual and never shared (just as login details should never…<\/p>\n