Session & Security

The portal uses several layers of security to protect access to camera feeds, user data, and administrative functions. These protections work automatically — you do not need to configure anything to benefit from them.

What This Page Covers

This page describes how the portal keeps your session secure, what happens when a session expires, and how access control is enforced at every level. Understanding these features helps explain why you may occasionally be asked to sign in again or why certain pages are not visible to all users.

Key Features

Automatic Session Expiration

After you sign in, your session remains active for a set period of time. The default is 60 minutes, but your administrator can adjust this to be shorter or longer depending on your organization's security requirements. If you leave the portal open without interacting with it, your session will expire after this period.

When your session expires, you are automatically redirected to a "Session Expired" page. This page shows a clear message explaining that your session has timed out, along with a button to sign in again. Any unsaved work in forms may be lost when the session expires, so it is a good practice to save your changes regularly.

Three-Layer Access Control

The portal enforces access at three distinct levels, each one building on the one before it:

  1. Authentication — Every page in the portal (except the Sign In page) requires you to be signed in with a valid session. If you try to visit any page without being signed in, you are redirected to the Sign In page.
  2. Role-Based Permissions — After confirming you are signed in, the portal checks whether your role allows you to perform the requested action. For example, only a Super Admin or User Admin can add new users. If you do not have the required role, you see an "Access Denied" message. See the Roles page for details on what each role can do.
  3. Camera-Level Access — Even within a role, your access to specific cameras depends on which management groups you belong to. A Server Admin assigned to the SEMTOC group can manage servers and cameras in that group but cannot see cameras belonging to STOC or WMTOC. This ensures that each regional team only accesses the cameras they are responsible for.

Secure Session Storage

Your session information is stored securely on the server, not in your browser. The only thing stored in your browser is a small session identifier, which is transmitted as a secure cookie. This cookie is marked so that it cannot be read or modified by scripts running on the page, reducing the risk of unauthorized access.

Encrypted Connections

All communication between your browser and the portal is encrypted. This means that your sign-in credentials, session data, and any information you view or submit cannot be intercepted by third parties.

Audit Trail

Every sign-in, sign-out, and administrative action is recorded in the portal's audit log. This creates a complete record of who did what and when, which supports compliance requirements and makes it possible to investigate any security concerns. See the Logs page for more information.

How It Works in Practice

  1. You sign in through the Sign In page using your organizational account.
  2. The portal creates a secure session that lasts for the configured period (default: 60 minutes).
  3. As you use the portal, each page and action is checked against your role and group memberships.
  4. If you navigate to a page or try an action that your role does not allow, you see an "Access Denied" message.
  5. If your session expires due to inactivity, you are redirected to the "Session Expired" page and can sign in again immediately.
  6. All of your activity is recorded in the audit log for accountability.

Who Has Access

All users — these security features apply to everyone automatically. There is nothing to enable or configure from the user's perspective. Session length and other security settings are managed by the system administrator.