Session Management

Zenovay uses secure session management to keep you logged in while protecting your account. This guide explains how sessions work and how to manage them.

Understanding Sessions

A session is created each time you log in. Sessions:

• Keep you logged in without re-entering credentials
• Have expiration times for security
• Are stored as encrypted cookies in your browser
• Are independent per device and browser

Session Expiration

Maximum Session Lifetime

Sessions expire automatically based on your login settings:

Type	Duration
Regular session	30 days
Remember me	90 days

Inactivity Timeout

All sessions have an inactivity timeout of 30 minutes. If you stop interacting with Zenovay for 30 minutes, your session is automatically ended.

Detail	Description
Timeout period	30 minutes of inactivity
Warning	Notification appears 5 minutes before timeout
Resets on	Clicking, scrolling, typing, or mouse movement

What Happens When Your Session Expires

If your session times out while you are using Zenovay:

Forced Expiration

Sessions are terminated immediately when:

• You sign out manually
• Your password is changed
• MFA settings are reset
• Your account is suspended

Signing Out

Sign Out from Current Device

1. Click your profile icon in the top navigation
2. Click Sign Out
3. Your session is terminated and you are redirected to the login page

Sign Out Everywhere

To log out from all devices at once, the most reliable method is to change your password. This immediately invalidates all active sessions across every device.

1. Go to Settings -> Security
2. Click Change Password
3. Enter your current password and a new password
4. All other sessions are terminated

Remember Me

When logging in, you can check "Remember me":

Enabled:

• Extended session duration (90 days)
• Suitable for personal devices

Disabled:

• Shorter session (30 days)
• Better for shared computers

Cross-Device Session Behavior

Each device maintains its own independent session. This means:

• Logging in on your laptop does not affect your phone session
• Inactivity timeout is tracked separately per device
• Signing out on one device does not sign you out on others

However, certain security events affect all sessions:

• Password changes end all sessions everywhere
• MFA resets end all sessions everywhere

Session Security Settings

Require Password for Sensitive Actions

Zenovay requires password re-entry for:

• Changing your email address
• Changing your password
• Managing MFA settings
• Deleting your account
• Generating API keys

Enterprise Session Controls

Enterprise Plan

Enterprise accounts can additionally customize:

• Custom inactivity timeout durations
• Custom maximum session durations
• Forced daily re-authentication
• Concurrent session limits
• Geographic restrictions on login locations

Best Practices

Security Habits

• Never stay logged in on public computers
• Log out before leaving shared devices
• Use private/incognito mode on untrusted devices
• Keep your browser updated

When to Sign Out

You should sign out when:

• Using a shared or public computer
• Lending your device to someone
• You suspect unauthorized access
• You are done working for the day on a non-personal device

Troubleshooting

Session Keeps Expiring

• Check that your browser allows cookies from Zenovay
• Ensure you are not using incognito/private mode (sessions do not persist)
• Verify that browser extensions are not clearing cookies

Cannot Log Back In After Timeout

• Your account may be locked from too many failed attempts -- wait and try again
• Use the "Forgot password" link to reset your password
• Contact support@zenovay.com if issues persist

Next Steps

• Set up MFA for additional security
• Understand device trust
• Review security best practices