Discover how to handle and get session timeout details in Apex by using session settings
Web browsers are widely used across the globe for searching through content on websites and accessing web applications. If you are familiar with web browsers, you have most likely heard the term “session”.
A web session is a series of actions by a user on an individual website within a given time frame. This could include your search engine searches, filling out a form to receive content, scrolling on a website page, adding items to a shopping cart, researching airfare, or which pages you viewed on a single website. Any interaction that you have with a single website is recorded as part of a web session for that website. This blog describes how Salesforce handles sessions and how to get the session details.
An active session holds the key (Session ID) that authenticates the user to the website they logged in to. This key is sent to the server each time the user requests something on the website. Terminating this authentication when the user has been idle on the website for some time without performing any actions is called session timeout. So, the session timeout is the idle time that a user can remain before the session is terminated. Once the session is terminated, users must log in again to access that website or service.
In Salesforce, the Session Timeout can be set in two ways.
1. Org level Timeout
2. Profile level session Timeout
Note: In Salesforce, org-level timeout changes automatically apply to all profiles except the profiles that have their own timeout set individually. This means profile-level session timeout settings always override the org-level session timeout settings.
Imagine you are building a custom Lightning Web Component for users to enter a large number of details. Those details have to be mapped to their respective objects when the user clicks save. But the user enters the details only partially and does not click save. When they come back to the page after the session timeout has occurred (having left it idle for some time), they need to log in again with their credentials. On login, all the data they entered might be lost because the components reload.
This is one of those scenarios where you need the session timeout value in your component. If you have the timeout value, you can write code to auto-save all the details before the session timeout occurs in Salesforce. To get the session timeout value from Apex, the following line of code can be used.
Auth.SessionManagement.getCurrentSession().get('NumSecondsValid')
The above code returns the number of seconds left until the session timeout, based on the last activity of the user. The result is in string format, so you have to convert it to an integer before doing any calculation with it. One more thing to consider when using the above code is Apex test classes. This line of code can cause test class failures because current session details are not available in test classes, so you have to skip this line during test class execution. Considering all the above issues, the method below can be used to get the session timeout.
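    @AuraEnabled
    public static Integer sessionTimeoutValidation() {
        Integer sessionTimeout;
        if (!Test.isRunningTest()) {
            // getCurrentSession() returns string values, so convert before use.
            sessionTimeout = Integer.valueOf(
                Auth.SessionManagement.getCurrentSession().get('NumSecondsValid'));
        } else {
            // Session details are not available in test context; use a fixed value.
            sessionTimeout = 900;
        }
        return sessionTimeout;
    }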
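The auto-save step described above, seen from the component side, as an added example that is not part of the original blog: plain JavaScript that turns the value returned by sessionTimeoutValidation() into a timer delay and rejects malformed values. The names autosaveDelayMs, AutosaveScheduler and saveDraft, and the 60-second safety margin, are assumptions.

```javascript
// Added example; autosaveDelayMs, AutosaveScheduler, saveDraft and the
// 60-second margin are assumptions, not Salesforce APIs.
const MAX_TIMER_MS = 2 ** 31 - 1; // larger setTimeout delays overflow and fire at once

// Turn the 'NumSecondsValid' string into a timer delay in milliseconds,
// keeping marginSeconds spare so the save completes before the timeout.
function autosaveDelayMs(numSecondsValid, marginSeconds = 60) {
  const text = String(numSecondsValid).trim();
  if (!/^\d+$/.test(text) || Number(text) === 0) {
    return null; // missing or malformed value: no safe delay can be derived
  }
  const delaySeconds = Math.max(Number(text) - marginSeconds, 0);
  return Math.min(delaySeconds * 1000, MAX_TIMER_MS);
}

// Holds at most one pending autosave. Call arm() again with a fresh value
// after user activity so the deadline follows the idle period.
class AutosaveScheduler {
  constructor(saveDraft, timers) {
    this.saveDraft = saveDraft;
    // Wrapped so the browser timer functions are not called with a foreign `this`.
    this.timers = timers || {
      set: (fn, ms) => setTimeout(fn, ms),
      clear: (handle) => clearTimeout(handle),
    };
    this.handle = null;
  }

  arm(numSecondsValid, marginSeconds = 60) {
    this.cancel();
    const delay = autosaveDelayMs(numSecondsValid, marginSeconds);
    if (delay === null) {
      this.saveDraft(); // conservative choice: save now rather than guess
      return null;
    }
    this.handle = this.timers.set(() => {
      this.handle = null;
      this.saveDraft();
    }, delay);
    return delay;
  }

  cancel() {
    if (this.handle !== null) {
      this.timers.clear(this.handle);
      this.handle = null;
    }
  }
}
```

In a component, saveDraft would be the function that sends the partially entered details to the server.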
Hope this blog gives more clarity about sessions and getting the session details from Salesforce by using Apex.