Force logout after browser close and/or certain duration

GregY

My request is to have an option to force a logout from Cloudron after a certain amount of time or after I close my browser.

Currently, the session persists even after I close my browser.

Thank you.

nebulon

Currently the Cloudron dashboard does not use sessions, but an accessToken in the localStorage of the browser. This means when closing the browser tab, there is no solid way to clear that from a dashboard perspective.

Maybe we can use either localStorage or sessionStorage for this?

jdaviescoates

@GregY said in Force logout after browser close and/or certain duration:

Currently, the session persists even after I close my browser.

Yes, I love that!

I guess is this is a real security concern for you, you could manually logout beforehand?

GregY

@jdaviescoates said in Force logout after browser close and/or certain duration:

I guess is this is a real security concern for you, you could manually logout beforehand?

True.

My main reason for requesting this feature is that the administrative controls are only a few clicks away. I suppose I could create a separate non-admin user account for myself and run my apps under that account.

hakunamatata

Are there any plans to add SSO session timeout / inactivity timeout to Cloudron? I am finding that when I configure timeout (e.g. when browser is closed) within apps that are using Cloudron's SSO, the SSO is still keeping the user logged in.

Many businesses require sessions to expire after inactivity or browser closure for security audits.

If a user forgets to log out on a shared machine, a "timeout on close" or "idle timeout" is the only line of defense.

Most professional SSO providers (like Okta or Auth0) allow admins to set a "Max Session Age" or "Inactivity Timeout" at the platform level.