Session Tokens and Auto Log-Out

Security in the SmartVault Portal

Security in the SmartVault Portal has been enhanced for all users by adding session tokens that will expire after 15 minutes of inactivity, causing the user to be automatically logged out.

Similar to the auto-logout process you may experience on a bank or insurance company's website, if someone logs into a SmartVault account through the web Portal and remains idle, then they will receive a pop-up after 13 minutes warning them that their session is about to end due to inactivity. If the user fails to click Logged In in the pop-up window within two minutes, the user is automatically logged out.

As an additional security precaution, SmartVault will immediately invalidate a user's session token if the first two portions of their IP address have changed. If you happened to log in to SmartVault from a laptop in your office, you can easily move around within your office and stay connected, but if you move from your office to Starbucks, SmartVault will detect a change in IP address and require you to sign in again. This is an added level of security to prevent unauthorized users from accessing your account in the event of a theft or loss of your device.


If you've forgotten your password, you can reset it.

How Session Tokens Work

  1. Sign in to the SmartVault Portal.
  2. Depending on your default view in the Portal, one of the following pop-up windows will appear after 13 minutes of inactivity:
  3. If you do not click Stay Logged In within 2 minutes, the system will automatically log you out.
  4. If you choose to stay logged in, your session token will be renewed, and you will receive another warning after another 13 minutes of inactivity.
  5. If you choose to Log Out Now, then all instances of the SmartVault Portal within that web browser will be logged out.

More About Session Tokens

  • If you log into the SmartVault Portal and remain idle for 15 consecutive minutes, then all SmartVault web instances or tabs opened during that session within that web browser will automatically log out.
  • If you log in to the SmartVault Portal and then open multiple portal windows within the same web browser, the session token will apply to all instances within the same web browser. So, staying active in one instance or tab will keep all the other portal instances within that web browser active.
  • If you open a different web browser and log in to the SmartVault Portal, a new session token is issued that affects just the instances or tabs within the new web browser.
  • If the first two portions of your IP address change (e.g., you connect to a different network), SmartVault will log you out.
  • The SmartVault for Windows Desktop Client also uses session tokens, but it is not affected by inactivity. The SmartVault Launchpad, including the Connected Desktop, will force you to sign back in once a week as an additional security check.
  • Windows and Macintosh WebDAV clients do not use or check session tokens, so connectivity of mapped web drives like the SmartVault Web Drive is not affected by the addition of session tokens.