Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Security

Configure local login, session duration, session cleanup, Plex sign-in, and trusted reverse proxies.

Use this page to control who can sign in and how CrossWatch handles sessions.

Local login

Username

Set the local CrossWatch admin username used on the login page.

New password

Set a new local CrossWatch password.

  • Leave this blank to keep the current password

  • Minimum length: 8

Confirm password

Repeat the new password exactly.

CrossWatch will not save if the password fields do not match.

Session

Session caching

Choose how long the login session lasts.

  • Enabled — keeps you signed in for the number of days you choose

  • Browser session only — signs you out when the browser fully closes

This only affects the CrossWatch web session.

It does not change provider tokens.

Cached for days

Set how long a remembered session stays valid.

  • Only used when Session caching is enabled

  • Range: 1 to 365

Plex sign-in

Plex sign-in is optional.

It adds Sign in with Plex to the login page.

Your local CrossWatch username and password stay as the fallback sign-in method.

Actions:

  • Link Plex account — link one Plex account for web sign-in

  • Unlink — remove Plex sign-in from the login page

Related: Plex SSO.

Current session

This section shows the browser session you are currently using to access CrossWatch. If your account has other active browser sessions, CrossWatch shows those separately so it is clear which session is current and which sessions are not.

Log out

Use Log out to end only the session for the browser you are using right now.

Other active sessions

If the same account is signed in from other browsers or devices, CrossWatch shows a compact summary of those sessions here.

Log out other sessions

Use Log out other sessions to sign out every other active browser session while keeping your current browser signed in. This is useful when you want to remove stale, duplicate, or forgotten logins without signing yourself out.

Reverse proxy

Trusted reverse proxies (optional)

Use this only when CrossWatch sits behind a reverse proxy and you want correct client IP handling for login protection and rate limiting.

Enter proxy IP addresses or CIDR ranges separated by ;.

Example:

Add the proxy server IPs here.

Do not add the IPs of end users connecting through the proxy.

PreviousHTTPS/TLSNextPlex SSO

Last updated

Was this helpful?