OC5 beta2 - session timeout locks owncloud access only after trying to continue ownCloud usage #1934
Comments
|
What do you mean by "only after trying to continue ownCloud usage" |
|
Possible relation to #527 ? |
As explained before it is more or less how user expectations are |
|
Definitely a good idea but more an enhancement and not a bug. |
|
Problem is this section in lib/base.php // session timeout
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
session_unset();
session_destroy();
session_start();
}
$_SESSION['LAST_ACTIVITY'] = time(); |
|
That issue is bugging me a lot, i'll try to get a polling service up and running. |
|
Please reopen if the pull request didnt fix this |
From my understanding the session timeout has been introduced as a security mechanism to lock ownCloud access after a defined non-usage period. Unfortunately this function is only triggered if you want to continue to use ownCloud and not instantly after the time has been elapsed. This allows everyone to see the content currently displayed on the screen as long as a function within ownCloud is selected.
I would recommend to change the session timeout function in that way as online banking applications are doing it. A short time before the session timeout is reached, e.g.only 30s left, a message should be shown that the application will be locked if no interaction happens within the next 30s. After the session has been finaly been timed-out a redirect to the login page should happen automatically.
If possible a message should be shown above the login window statting that an automatic logout has been forced due to user inactivity.
The text was updated successfully, but these errors were encountered: