Legacy Dev Forum Posts

 View Only

Sign Up

Back to discussions
Expand all | Collapse all

PureCloud web application security question

  • 1.  PureCloud web application security question

    Posted 06-05-2025 19:19

    rapan | 2018-06-13 15:21:52 UTC | #1

    Hi PureCloud Dev. team,

    We are doing PureCloud implementation for a customer, and when going through their security questionnaire, I am not able to find any answer on the question below. I have reached out the support team (case#0002294483.), but they cannot address them as well, and suggested me to seek support from the developer forum .

    Can you assist on providing the response or point me to the right documentation?

    1. Does the application support a different “Maximum session lifetime” for mobile app?

    If “Yes”, what is the maximum lifetime of a user session?

    1. When logging out from PureCloud via the web browser, can the user logout request be customised/ redirected to customer's IdP to log the user out of any IdP managed sessions?
    2. What is the lifetime of the application specific session cookie(s) that the application may create/ generate? Specify any differences arising from different browser use. Also specify any differences if a tab is closed rather than the browser.
    3. From the browser configuration, I can see that the cookie is valid for 1 week. Can you confirm this is as per design?
    4. Do you maintain historical information of user activity within your environment/ application for audit purposes?

    Thanks in advance and best regards, Roland.

    tim.smith | 2018-06-13 15:22:03 UTC | #2

    1. OAuth access tokens last for 5 minutes to 48 hours, depending on configuration. The default is 24 hours. Official applications use the default.
    2. No. Custom apps can do this though.
    3. See #1. Note that the cookie is not an access token.
    4. Yes.
    5. Some information is retained.

    rapan | 2018-06-14 03:33:40 UTC | #3

    Hi Tim,

    Thanks for your reply.

    1. Sorry, I was not clear. I was referring to the Purecloud mobile application.

    Customer would like to know how long the user session is valid after logged in.

    1. I believe you answered my question, the session cookie are valid for one week.
    2. Will be possible to provide type of information and the duration of the retention?

    Many thanks Roland

    tim.smith | 2018-06-14 13:53:41 UTC | #4

    1. The mobile applications use the same method of authentication as the web application or any custom application. The same rules apply.
    2. I believe the cookies are valid for a week.
    3. There's not a single or simple answer to what data is available in purecloud or the retention duration, and some things have configurable retention policies. You can browse the APIs that will give you access to an org's data at https://developer.mypurecloud.com/api/rest/v2/. If you need specific retention time periods, let me know what data you're specifically interested in.

    rapan | 2018-06-18 07:20:35 UTC | #5

    Thanks Tim for your reply.

    I am fine for now about the data as this is a general question from the customer.

    Regards, Roland.

    system | 2018-07-19 07:20:40 UTC | #6

    This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.

    This post was migrated from the old Developer Forum.

    ref: 2999



Related Content