Skip to content

Latest commit

 

History

History
57 lines (49 loc) · 2.91 KB

how-to-increase-auto-logout-time.mdx

File metadata and controls

57 lines (49 loc) · 2.91 KB
Raw
title description sidebar_label sidebar_class_name hide_table_of_contents
How can I increase the auto logout time?
How to increase the auto logout time
How can I increase the auto logout time?
hidden
true

import Figure from '/src/components/Figure/Figure'; import Chips from "/src/components/Chips/Chips";

CE Pro

By default passbolt uses the PHP session duration setting to define when the auto logout should kick in. If the default session timeout is too short for you and your user you can extend it in the PHP configuration.

Currently, the code checks every 15 minutes if the browser is idle, using this browser functionality reserved for extensions, which returns “locked” if the system is locked, “idle” if the user has not generated any input for a specified number of seconds, or “active” otherwise.

So if there is no direct interaction with the extension, the extension will not try to keep the session alive, and will just let it timeout. So if you have a long session default normally you would need to fail several checks to get logged out. :::info[Pro tip] If the browser window is closed (even if the browser application is not closed) you will get logged out right away. ::: The best way to keep your session active is via the remember me feature as shown here.

See the directive session.gc-maxlifetime

In order to change this number you must locate your php.ini file. Its location depends on your operating system and php versions.

For example on Debian or Ubuntu if you are using Nginx and PHP 7.4 it will be in /etc/php/7.4/fpm/php.ini but the easy way to find it is to execute this command:

$ grep -lr session.gc_maxlifetime /etc/ | grep fpm
/etc/php/7.4/fpm/php.ini

Once located replace the 1440 timout value in seconds with for example 2700 for 45 minutes:

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 2700

:::important It’s really important to note that the browser extension is sending a request to the server in order to keep the session active, that means that any behaviour that is interrupting it will end the session, even if the session lifetime is not ended. ::: We have noticed the following actions will result in a session ending:

  • Internet connection lost
  • Browser shutdown
  • Computer shutdown
  • Computer’s session inactive (locked)
  • Changing IP address
  • Browser’s Confidentiality settings