Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auto-timeout of Session #4346

Closed
rcubetrac opened this issue Sep 24, 2013 · 2 comments
Closed

Auto-timeout of Session #4346

rcubetrac opened this issue Sep 24, 2013 · 2 comments
Labels
C: Core functionality enhancement worksforme
Milestone
later

Comments

@rcubetrac
Copy link

Reported by digennaik on 24 Sep 2013 06:59 UTC as Trac ticket #1489354

Dear all,

We are running Roundcube 0.9.1 Stable on Red Hat Enterprise Linux Server release 6.1 (Santiago) with PHP 5.3.3 and Apache/2.2.15. Email server has been setup as per http://www.qmailrocks.org

For security reasons( users forgetting logging out of the email account ) we would like to have Roundcube logout the user after x minutes period of inactivity.

As per an old thread in this forum, it has been mentioned that this behavior is not possible. The thread is located http://www.roundcubeforum.net/index.php?topic=9507.0

I've tried setting the 'session_lifetime' to the number of minutes we want after which the user has to logout due to session expiry, but that hasn't helped.

In order to achieve this we've tried the following,

Added the following in config/main.inc.php at the very end of the file,

$rcmail_config['session_lifetime'] = 1;

The above directive did not exist by default in the Roundcube version we're using. Sadly, this hasn't helped.

We are sure there must be a way to auto-timeout the session primarily for security reasons. With the default functionality, the session of the user never timeouts i.e the user never gets logged out from the Webmail which we believe is a huge potential security risk.

Anyone has any suggestions to achieve this or has implemented this through a plugin ( we tried finding out but to no avail ) ?

Can anyone point me to the right direction in order to achieve this ? Any input is much appreciated.

Migrated-From: http://trac.roundcube.net/ticket/1489354
@rcubetrac
Copy link
Author

Comment by @thomascube on 3 Jan 2015 16:25 UTC

The 'session_lifetime' config option is exactly meant for this. Roundcube by default already has a very short session timeout of 10 minutes. Please test with Roundcube version 1.x and enable logging for sessions: $config['log_session'] = true;

Closing this ticket as the requested feature already exists. Please port to our mailing lists for further support and re-open the ticket as a bug if you can provide steps to reproduce the failure.

@rcubetrac
Copy link
Author

Status changed by @thomascube on 3 Jan 2015 16:25 UTC

new => closed

@rcubetrac rcubetrac added this to the later milestone Mar 20, 2016
@CptTZ CptTZ mentioned this issue Mar 6, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: Core functionality enhancement worksforme
Projects
None yet
Milestone
later
Development

No branches or pull requests
1 participant
@rcubetrac