Omniscope uses HTTP Basic Authentication, which when combined with HTTPS is a simple but secure solution. However the HTTP Basic Authentication protocol doesn't allow for timeout.

We plan to develop support for session-based authentication in future. Meanwhile if this is essential you must use a 3rd party solution to provide authentication instead of Omniscope. This entails disabling all Omniscope security options (i.e. giving anonymous all necessary permissions), disabling external access to Omniscope, and instead using a HTTP security reverse proxy like Keycloak to provide your security layer.