Security

Use this page to control who can sign in and how CrossWatch handles sessions.

Local login

Username

Set the local CrossWatch admin username used on the login page.

New password

Set a new local CrossWatch password.

• Leave this blank to keep the current password

• Minimum length: 8

Confirm password

Repeat the new password exactly.

CrossWatch will not save if the password fields do not match.

Session

Session caching

Choose how long the login session lasts.

• Enabled — keeps you signed in for the number of days you choose

• Browser session only — signs you out when the browser fully closes

This only affects the CrossWatch web session.

It does not change provider tokens.

Cached for days

Set how long a remembered session stays valid.

• Only used when Session caching is enabled

• Range: 1 to 365

Plex sign-in

Plex sign-in is optional.

It adds Sign in with Plex to the login page.

Your local CrossWatch username and password stay as the fallback sign-in method.

Actions:

• Link Plex account — link one Plex account for web sign-in

• Unlink — remove Plex sign-in from the login page

Related: Plex SSO.

Current session

This section shows the login state of the browser session you are using now.

Log out

End the current CrossWatch session.

Reverse proxy

Trusted reverse proxies (optional)

Use this only when CrossWatch sits behind a reverse proxy and you want correct client IP handling for login protection and rate limiting.

Enter proxy IP addresses or CIDR ranges separated by ;.

Example: