Author Topic: session_lifetime for autologout? (Read 5543 times)

emilio · « **on:** May 06, 2010, 10:30:42 AM »

hello,

I'm looking to configure roundcube to automatically logout a client after a few minutes the user does not interact with the webmail (for security policy I have to logout the user after 5 minutes);

I think the configuration should be $rcmail_config['session_lifetime'], but it looks like it does not work. any suggestion?

may it be a problem with min_keep_alive or min_keep_alive works only in message composition?

--
bye,
emilio

rosali · « **Reply #1 on:** May 06, 2010, 11:36:47 AM »

RC automatically checks for new messages in the background. RC considers this as activity and the session does not time out. RC developers state this behavior is intended. Only if the browser is closed without a logout the session will timeout.

#1486404 (Roundcube 0.3.1 Session never Expired) ? Roundcube Webmail

If you like to kill the session on inactivity you give my plugin a try (session_timeout, see footer).

emilio · « **Reply #2 on:** May 07, 2010, 12:08:29 PM »

Quote from: rosali;27295

#1486404 (Roundcube 0.3.1 Session never Expired) ? Roundcube Webmail

If you like to kill the session on inactivity you give my plugin a try (session_timeout, see footer).

hum.... I'd like to see this plugin on the default list of roundcube plugin... the roundcube developer idea is ok, but your plugin allow the user opt for the better policy for his webmail

thank's for the reply and for the plugin (also thanks to roundcube for the great work)!