Session Timeout Guide¶

Overview¶

For security, your session automatically expires after 10 minutes of inactivity. This is a FISMA High requirement (NIST 800-53 AC-2(5)) to protect against unauthorized access.

Timeout Duration: 10 minutes of inactivity Warning Time: 2 minutes before timeout Actions: Extend session or logout

How Session Timeout Works¶

Activity Tracking¶

System monitors: - Mouse movements - Keyboard input - Button clicks - Page navigation - File uploads

Activity resets timer: Every interaction restarts the 10-minute countdown

Inactivity triggers timeout: No interaction for 10 minutes = automatic logout

Timeout Warning¶

After 8 minutes of inactivity, you'll see a warning:

╔══════════════════════════════════════════════╗
║          ⏰ Session Timeout Warning           ║
╠══════════════════════════════════════════════╣
║  Your session will expire in:                ║
║                                              ║
║                  1:45                        ║
║                                              ║
║  For your security, sessions expire after    ║
║  10 minutes of inactivity.                   ║
║                                              ║
║  [Extend Session]        [Logout Now]        ║
╚══════════════════════════════════════════════╝

Warning Features: - ⏰ Countdown Timer - Shows remaining seconds - 🔔 Modal Dialog - Can't be missed - ⌨️ Keyboard Accessible - Tab to buttons - 📢 Screen Reader - Announces warning

Responding to Warning¶

Option 1: Extend Session¶

Click "Extend Session" to continue working

What happens: 1. Warning dismisses 2. Timer resets to 10 minutes 3. You continue working 4. No data lost

Keyboard shortcut: Press Enter or Space

Option 2: Logout Now¶

Click "Logout Now" to end session immediately

What happens: 1. Logged out immediately 2. Redirected to login page 3. Session terminated 4. All unsaved work lost

Use when: - Finished working - Need to walk away - On shared computer

Option 3: Dismiss Warning¶

Click outside modal or press Escape to dismiss

What happens: 1. Warning closes 2. Timer continues counting down 3. Will logout at 10 minutes 4. Warning won't show again

Warning: You'll be logged out without further notice!

After Timeout¶

Automatic Logout¶

If you don't respond to the warning:

At 10 minutes: 1. Session terminates automatically 2. Logged out 3. Redirected to login page 4. Message displayed

╔══════════════════════════════════════════════╗
║        Your Session Has Expired              ║
╠══════════════════════════════════════════════╣
║  For your security, your session expired     ║
║  after 10 minutes of inactivity.             ║
║                                              ║
║  Please log in again to continue.            ║
║                                              ║
║  [Return to Login]                           ║
╚══════════════════════════════════════════════╝

What's Lost¶

Data NOT saved: - ❌ Partially completed upload forms - ❌ Unsaved settings changes - ❌ In-progress file selections

Data IS saved: - ✅ Completed uploads - ✅ Saved settings - ✅ Account changes - ✅ Registered passkeys

Best Practices¶

Before Starting Work¶

✅ Prepare documents - Have files ready before logging in ✅ Know case numbers - Look them up in advance ✅ Plan uploads - Batch multiple uploads if needed ✅ Clear schedule - Allow uninterrupted time

While Working¶

✅ Stay active - Move mouse occasionally ✅ Watch for warning - Don't ignore the modal ✅ Save progress - Complete uploads promptly ✅ Extend session - When warning appears

Common Scenarios¶

Scenario 1: Phone Call¶

Problem: Need to answer phone mid-upload

Solution: 1. Complete current upload FIRST 2. Then answer phone 3. Or extend session before answering 4. Don't leave page idle

Scenario 2: Meeting¶

Problem: Called to unexpected meeting

Solution: 1. Extend session before leaving 2. Or logout and save work 3. Don't leave session open 4. Log back in after meeting

Scenario 3: Long Upload¶

Problem: Large file taking >8 minutes

Solution: - System recognizes active upload - Timeout paused during upload - Resume timer after upload complete - No action needed during upload

Why 10 Minutes?¶

FISMA High Requirement¶

NIST 800-53 AC-2(5): - Mandates automatic session termination - Protects against unauthorized access - Required for FISMA High systems - Cannot be disabled or extended

Security Benefits¶

Protects against: - 🚶 Walk-away attacks - Someone using unattended computer - 🔓 Unlocked devices - Computer left unlocked - 👥 Shoulder surfing - Someone seeing your screen - 🕵️ Unauthorized access - Access while you're away

Compliance¶

Required by: - FISMA High Impact Level - Federal court security policy - Department of Justice standards - CJIS Security Policy

Session Management¶

Active Session¶

While logged in: - Timer runs continuously - Resets with each activity - Warning at 8 minutes - Logout at 10 minutes

Session includes: - Authentication token - User identity - Upload permissions - Settings access

Multiple Tabs/Windows¶

Important: - Single session across all tabs - Activity in ANY tab resets timer - Logout affects ALL tabs - Can't have multiple sessions

Example: 1. Open upload page in Tab 1 2. Open settings in Tab 2 3. Work in Tab 1 keeps both alive 4. Timeout logs out BOTH tabs

Multiple Devices¶

Separate sessions per device: - Phone session independent from laptop - Different devices = different timers - Logging out one doesn't affect others - Each needs separate authentication

Troubleshooting¶

Warning Doesn't Appear¶

Problem: No warning shown before timeout

Possible Causes: 1. Browser blocked modal - Check popup blocker 2. JavaScript disabled - Enable JavaScript 3. Browser extension - Disable ad blockers temporarily 4. Old browser - Update to latest version

Solution: - Enable popups for court website - Whitelist waed.uscourts.gov - Update browser - Disable conflicting extensions

Logged Out Too Quickly¶

Problem: Timeout seems faster than 10 minutes

Possible Causes: 1. Clock skew - System clock incorrect 2. No activity detected - Mouse not moving 3. Other tab active - Switched to different website 4. Browser sleep - Computer went to sleep

Solutions: - Check system clock accuracy - Keep browser window active - Don't minimize for extended periods - Prevent computer sleep during work

Can't Extend Session¶

Problem: "Extend Session" button doesn't work

Solutions: 1. Refresh page - May be browser issue 2. Clear cache - Old cached version 3. Try keyboard - Press Enter key 4. Different browser - Test in another browser

If still broken: - Contact Clerk's Office - Use different device - May need IT assistance

Timeout During Upload¶

Problem: Worried about timeout during file upload

Solution: - Don't worry! Upload process keeps session active - Timer pauses during active upload - Warning won't appear during upload - Complete upload, then timer resumes

Safety Feature: System recognizes upload in progress and waits

Session Security¶

What Session Stores¶

Session contains: - 🔑 Authentication token - 👤 User identity (email) - ⏰ Login timestamp - 📍 IP address (for audit)

Session does NOT contain: - ❌ Password - ❌ MFA codes - ❌ Uploaded files - ❌ Credit card info (N/A)

Session Storage¶

Where stored: - Browser sessionStorage (temporary) - Server memory (encrypted) - Not in cookies (more secure) - Cleared on logout or timeout

Security features: - HTTPS only (encrypted transit) - HttpOnly equivalent (not accessible to scripts) - SameSite (CSRF protection) - Short-lived (10 minutes max)

Accessibility¶

Warnings announced:

"Session timeout warning. Your session will
expire in 2 minutes. Press Tab to navigate
to Extend Session button."

Countdown announced:

"1 minute 30 seconds remaining"
"1 minute remaining"
"30 seconds remaining"

Tab key: Move between buttons Enter/Space: Activate button Escape: Dismiss warning (not recommended)

High Contrast Mode¶

Warning modal supports: - High contrast themes - Large text mode - Color blind modes - Reduced motion

FAQ¶

Can I change the timeout duration?¶

No. 10 minutes is mandated by FISMA High requirements and cannot be modified.

No. All logins (password or passkey) have same 10-minute timeout for security.

Can I keep session alive automatically?¶

No. You must manually extend session. Auto-refresh not allowed by security policy.

What if I'm reading a long document?¶

Scroll or move mouse occasionally to show activity and reset timer.

Does mobile app have same timeout?¶

Yes. Mobile and desktop both use 10-minute timeout.

Next Steps¶

Understanding session timeout:

Login Methods → Learn different ways to log in
Upload Documents → Complete uploads before timeout
Account Security → Learn about other security features

Need Help?¶

Clerk's Office - Eastern District of Washington Phone: (509) 458-3410 Email: ecfinfo@waed.uscourts.gov Hours: Monday-Friday, 8:00 AM - 5:00 PM Pacific Time

← Back to User Guide | Next: Audit Logging →