spec checked
NIST SP 800-63B Session Management
Documents session inactivity timeout, overall timeout, termination, reauthentication reset behavior, and assurance-level session management requirements.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Session timeout | Choose session timeout when the authenticated session has already expired or been terminated and the next valid path is sign-in, reauthentication, restart, or safe task restoration. | The timeout state is driven by server or identity-provider session validity, not by a cosmetic client-only overlay. | Supports inactivity timeout, overall timeout, termination, and reauthentication reset behavior. |
| Session timeout warning | Choose session timeout warning when the session is approaching an inactivity, absolute, device-lock, or reauthentication boundary that can interrupt authenticated work. | The warning is driven by the authoritative session or identity state, not only a local countdown. | NIST documents inactivity timeout, overall timeout, and reauthentication reset behavior. |
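The contract in both rows, that timeout and warning states come from authoritative session validity rather than a client-side countdown, can be sketched as a server-side evaluation the UI renders. This is an added example, not code from NIST or from this pattern library. The names `Policy`, `Session`, `evaluate`, `record_activity` and `reauthenticate`, the timeout values, and the choice that reauthentication resets both clocks are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    # Constructed values for illustration; not taken from the page or from NIST.
    inactivity_timeout: int = 900   # seconds allowed without activity
    overall_timeout: int = 43200    # seconds allowed since (re)authentication
    warning_window: int = 120       # warn this many seconds before a boundary

@dataclass
class Session:
    authenticated_at: int           # server clock, epoch seconds
    last_activity_at: int           # server clock, epoch seconds
    terminated: bool = False        # explicit termination, e.g. logout or revocation

def evaluate(session, now, policy):
    """Return the authoritative state the UI renders: active, warning or expired."""
    if session.terminated:
        return {"state": "expired", "reason": "terminated", "seconds_remaining": 0}
    deadlines = {
        "inactivity": session.last_activity_at + policy.inactivity_timeout,
        "overall": session.authenticated_at + policy.overall_timeout,
    }
    reason = min(deadlines, key=deadlines.get)  # whichever boundary comes first
    remaining = deadlines[reason] - now
    if remaining <= 0:
        return {"state": "expired", "reason": reason, "seconds_remaining": 0}
    state = "warning" if remaining <= policy.warning_window else "active"
    return {"state": state, "reason": reason, "seconds_remaining": remaining}

def record_activity(session, now, policy):
    """Activity extends only the inactivity clock, and never revives an expired session."""
    if evaluate(session, now, policy)["state"] == "expired":
        return False
    session.last_activity_at = now
    return True

def reauthenticate(session, now):
    """Assumption of this sketch: successful reauthentication resets both clocks."""
    if session.terminated:
        return False                # a terminated session needs a fresh sign-in
    session.authenticated_at = session.last_activity_at = now
    return True
```

A client countdown built on `seconds_remaining` is only a display hint; the next request is still decided by `evaluate` on the server clock.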
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: National Institute of Standards and Technology. Last checked: .