After logging in, a user establishes a session with the platform. Use session security to limit exposure to your network when a user leaves their computer unattended while still logged on. It also limits the risk of internal attacks, such as when one employee tries to use another employee's session.

You can control the session expiration time window for user logins. Session expiration allows you to select a timeout for user sessions. The default session timeout is two hours of inactivity. When the session timeout is reached, users are prompted with a dialog that allows them to log out or continue working. If they do not respond to this prompt, they are automatically logged out.

• Note: When a user closes a browser window or tab they are not automatically logged off from their Advologix session. Please ensure that your users are aware of this, and that they end all sessions properly by clicking Your Name > Logout.
• By default, Force.com uses SSL (secure sockets layer) and requires secure connections (HTTPS) for all communication. The Require secure connections (HTTPS) setting determines whether SSL (HTTPS) is required for access to Salesforce, apart from Force.com sites, which can still be accessed using HTTP.
• To enforce HTTPS for all Force.com sites communication, see “Public Access Settings for Force.com Sites” in the Force.com online help.
• If you disable this setting and change the URL from https:// to http://, you can still access the application. However, you should require all sessions to use SSL for added security.

Under Administration Setup

Choose Security Controls

Select Session Settings

You can modify session security settings to control the session timeout warning and to prevent “IP shifting” for users that are logged in.

1. Customize the session security settings.--See chart below

2. Click Save.