User sessions

A user session is the active period between a user's login and logout or session expiry due to inactivity. A user begins a session by logging in to a Medallia application, either through a login screen or Single Sign-On (SSO). A session ends when either

  • The user explicitly logs out, or

  • It expires automatically after a specific period of time has passed since an application-specific event, such as user inactivity in a Medallia Web reporting session.

Important: Turning off the computer or device, closing the app, or clearing a browser cache does NOT expire a session because these client-events are not reported to the server maintaining the session.
Medallia Web reportingMedallia Mobile & Medallia Voices
Default time to automatically expire a session30 minutes of inactivity30 days since last login
Configuration settingThe Session timeout in minutes property. Note the Max session duration in minutes property on the same page expires sessions after a period of time since the login.

Not this setting applies to both SSO and non-SSO (username and password) logins.

The Refresh token lifetime property for the app.

Apps may optionally automatically sign out users after some period of inactivity with the Expire refresh token after an idle timeout property on the Clients page.

For a detailed description of SSO sessions and events, see SSO session inactivity.

Concurrent sessions

Concurrent sessions happen when the same user is logged in to the same service, at the same time using any of these:

  • Different devices, such as desktop, laptop, or mobile

  • Different browser types, such as Chrome, Firefox, or Edge

  • Both private and non-private browsing windows on the same browser type

When using concurrent sessions, some features such as language settings, preferences, and bookmarks do not work as desired: changes made in one session are not reflected in other sessions.

Important: Some companies identify concurrent sessions as a security risk.

Each user should have their own account/username. If a group of users all need identical access, create a role with that access and assign it to each user.

By default, Medallia Experience Cloud does not restrict concurrent sessions. To enforce a limit, use the Max Concurrent Sessions property on the Logon Restrictions page.