Session timeouts limit how long an authenticated Kibana login stays usable, reducing the risk of unattended dashboards being accessed by the wrong person. Tightening these limits helps meet security and compliance requirements while keeping interactive access predictable for users.

When Kibana security is enabled, authentication creates a session that remains valid until it expires. The xpack.security.session settings in kibana.yml control two expiration rules: an inactivity timer (idleTimeout) and a hard maximum lifetime (lifespan).

Changing session timeout settings requires a Kibana restart and can increase login prompts if values are set too aggressively. For load-balanced or multi-instance deployments, a consistent xpack.security.encryptionKey across all Kibana nodes prevents sessions from being invalidated when the service restarts or traffic lands on a different node.

Steps to configure Kibana session timeouts:

  1. Open a terminal with sudo privileges.
    $ whoami
    user
  2. Edit the Kibana configuration file at /etc/kibana/kibana.yml.
    $ sudoedit /etc/kibana/kibana.yml

    Archive installs keep kibana.yml under the config directory inside the Kibana home directory.

  3. Add xpack.security.session.idleTimeout and xpack.security.session.lifespan to kibana.yml.
    xpack.security.session.idleTimeout: "30m"
    xpack.security.session.lifespan: "7d"

    idleTimeout expires inactive sessions, while lifespan expires sessions after a maximum age even with activity. Duration values commonly use m (minutes), h (hours), and d (days).

  4. Set a static xpack.security.encryptionKey to prevent session invalidation across restarts and load-balanced Kibana nodes.
    xpack.security.encryptionKey: "replace-with-a-long-random-string-at-least-32-characters"

    Changing xpack.security.encryptionKey invalidates existing sessions and forces re-authentication.

  5. Confirm the session settings are present in /etc/kibana/kibana.yml.
    $ sudo grep -nE 'xpack\.security\.(encryptionKey|session\.(idleTimeout|lifespan))' /etc/kibana/kibana.yml
    42:xpack.security.encryptionKey: "replace-with-a-long-random-string-at-least-32-characters"
    55:xpack.security.session.idleTimeout: "30m"
    56:xpack.security.session.lifespan: "7d"
  6. Restart the Kibana service to apply the configuration changes.
    $ sudo systemctl restart kibana
  7. Verify the Kibana service is running after the restart.
    $ sudo systemctl status kibana --no-pager
    ● kibana.service - Kibana
         Loaded: loaded (/lib/systemd/system/kibana.service; enabled; vendor preset: enabled)
         Active: active (running) since Mon 2026-01-05 10:15:01 UTC; 8s ago
    ##### snipped #####

    A YAML syntax error in kibana.yml can prevent Kibana from starting, which removes web access until the error is corrected.

  8. Leave an authenticated Kibana session inactive longer than idleTimeout during testing.

    Temporarily using a small value like 2m makes the idle-expiration check fast. Restore the intended production value afterwards.

  9. Reload the Kibana page to confirm the session is redirected to the login screen after expiration.
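
A pre-restart check for the settings from steps 3 to 5, as an added example that is not part of the original guide or Kibana's own tooling. It fails if a duration does not parse, if idleTimeout is not shorter than lifespan (a sanity check added here), or if encryptionKey is missing, under 32 characters, or still the placeholder text. The function names are hypothetical, only the s, m, h and d units and flat dotted keys are handled, and the sample config is constructed.

```sh
# Added example: audit the three settings from this guide in a kibana.yml.
# Convert a duration (s, m, h, d) to seconds; return 1 if it does not parse.
to_seconds() {
  n=${1%[smhd]}
  case $n in ''|*[!0-9]*|0?*) return 1 ;; esac
  case $1 in
    *s) echo "$n" ;; *m) echo $((n * 60)) ;;
    *h) echo $((n * 3600)) ;; *d) echo $((n * 86400)) ;;
    *) return 1 ;;
  esac
}

# Print the last value set for flat key $1 in file $2, minus quotes and comments.
yaml_value() {
  awk -v key="$1:" -v q="'" '
    { sub(/^[ \t]+/, "") }
    index($0, key) == 1 {
      v = substr($0, length(key) + 1)
      sub(/[ \t]+#.*$/, "", v)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      c = substr(v, 1, 1)
      if ((c == "\"" || c == q) && substr(v, length(v)) == c) v = substr(v, 2, length(v) - 2)
      found = v
    }
    END { print found }' "$2"
}

audit_kibana_sessions() {
  rc=0
  idle=$(yaml_value xpack.security.session.idleTimeout "$1")
  life=$(yaml_value xpack.security.session.lifespan "$1")
  key=$(yaml_value xpack.security.encryptionKey "$1")
  idle_s=$(to_seconds "$idle") || { echo "FAIL idleTimeout missing or unparsed: '$idle'"; rc=1; }
  life_s=$(to_seconds "$life") || { echo "FAIL lifespan missing or unparsed: '$life'"; rc=1; }
  # An idle timer that is not shorter than the lifespan never fires first.
  [ -n "$idle_s" ] && [ -n "$life_s" ] && [ "$idle_s" -ge "$life_s" ] &&
    { echo "FAIL idleTimeout ($idle) is not shorter than lifespan ($life)"; rc=1; }
  case $key in
    replace-with-*) echo "FAIL encryptionKey is still the placeholder text"; rc=1 ;;
    *) [ "${#key}" -ge 32 ] || { echo "FAIL encryptionKey missing or under 32 characters"; rc=1; } ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK idleTimeout=$idle lifespan=$life"
  return "$rc"
}

# Constructed sample: idle timer longer than the lifespan, and a short key.
sample=$(mktemp)
printf '%s\n' 'xpack.security.session.idleTimeout: "8d"' \
  'xpack.security.session.lifespan: "7d"' 'xpack.security.encryptionKey: "short"' > "$sample"
audit_kibana_sessions "$sample" || echo "constructed sample rejected"; rm -f "$sample"
```

Run `audit_kibana_sessions /etc/kibana/kibana.yml` with read access to the file before restarting the service; a non-zero return means at least one FAIL line was printed.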