> For the complete documentation index, see [llms.txt](https://wiki.crosswatch.app/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wiki.crosswatch.app/crosswatch/navigation/ui-settings/security.md).
# Security
Use this page to control who can sign in and how CrossWatch handles sessions.
### Local login
#### Username
Set the local CrossWatch admin username used on the login page.
#### New password
Set a new local CrossWatch password.
* Leave this blank to keep the current password
* Minimum length: `8`
#### Confirm password
Repeat the new password exactly.
CrossWatch will not save if the password fields do not match.
### Session
#### Session caching
Choose how long the login session lasts.
* `Enabled` — keeps you signed in for the number of days you choose
* `Browser session only` — signs you out when the browser fully closes
This only affects the CrossWatch web session.
It does not change provider tokens.
#### Cached for days
Set how long a remembered session stays valid.
* Only used when `Session caching` is enabled
* Range: `1` to `365`
### Plex sign-in
Plex sign-in is optional.
It adds **Sign in with Plex** to the login page.
Your local CrossWatch username and password stay as the fallback sign-in method.
Actions:
* **Link Plex account** — link one Plex account for web sign-in
* **Unlink** — remove Plex sign-in from the login page
Related: [Plex SSO](/crosswatch/navigation/ui-settings/security/plex-sso.md).
### Current session
This section shows the browser session you are currently using to access CrossWatch. If your account has other active browser sessions, CrossWatch shows those separately so it is clear which session is current and which sessions are not.
#### Log out
Use **Log out** to end only the session for the browser you are using right now.
#### Other active sessions
If the same account is signed in from other browsers or devices, CrossWatch shows a compact summary of those sessions here.
#### Log out other sessions
Use **Log out other sessions** to sign out every other active browser session while keeping your current browser signed in. This is useful when you want to remove stale, duplicate, or forgotten logins without signing yourself out.
### Reverse proxy
#### Trusted reverse proxies (optional)
Use this only when CrossWatch sits behind a reverse proxy and you want correct client IP handling for login protection and rate limiting.
Enter proxy IP addresses or CIDR ranges separated by `;`.
Example:
```
127.0.0.1;192.168.2.1;192.168.2.0/16
```
{% hint style="warning" %}
Add the proxy server IPs here.
Do not add the IPs of end users connecting through the proxy.
{% endhint %}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://wiki.crosswatch.app/crosswatch/navigation/ui-settings/security.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.