You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reported by digennaik on 24 Sep 2013 06:59 UTC as Trac ticket #1489354
Dear all,
We are running Roundcube 0.9.1 Stable on Red Hat Enterprise Linux Server release 6.1 (Santiago) with PHP 5.3.3 and Apache/2.2.15. Email server has been setup as per http://www.qmailrocks.org
For security reasons( users forgetting logging out of the email account ) we would like to have Roundcube logout the user after x minutes period of inactivity.
I've tried setting the 'session_lifetime' to the number of minutes we want after which the user has to logout due to session expiry, but that hasn't helped.
In order to achieve this we've tried the following,
Added the following in config/main.inc.php at the very end of the file,
$rcmail_config['session_lifetime'] = 1;
The above directive did not exist by default in the Roundcube version we're using. Sadly, this hasn't helped.
We are sure there must be a way to auto-timeout the session primarily for security reasons. With the default functionality, the session of the user never timeouts i.e the user never gets logged out from the Webmail which we believe is a huge potential security risk.
Anyone has any suggestions to achieve this or has implemented this through a plugin ( we tried finding out but to no avail ) ?
Can anyone point me to the right direction in order to achieve this ? Any input is much appreciated.
The 'session_lifetime' config option is exactly meant for this. Roundcube by default already has a very short session timeout of 10 minutes. Please test with Roundcube version 1.x and enable logging for sessions: $config['log_session'] = true;
Closing this ticket as the requested feature already exists. Please port to our mailing lists for further support and re-open the ticket as a bug if you can provide steps to reproduce the failure.
Reported by digennaik on 24 Sep 2013 06:59 UTC as Trac ticket #1489354
Dear all,
We are running Roundcube 0.9.1 Stable on Red Hat Enterprise Linux Server release 6.1 (Santiago) with PHP 5.3.3 and Apache/2.2.15. Email server has been setup as per http://www.qmailrocks.org
For security reasons( users forgetting logging out of the email account ) we would like to have Roundcube logout the user after x minutes period of inactivity.
As per an old thread in this forum, it has been mentioned that this behavior is not possible. The thread is located http://www.roundcubeforum.net/index.php?topic=9507.0
I've tried setting the 'session_lifetime' to the number of minutes we want after which the user has to logout due to session expiry, but that hasn't helped.
In order to achieve this we've tried the following,
Added the following in config/main.inc.php at the very end of the file,
$rcmail_config['session_lifetime'] = 1;
The above directive did not exist by default in the Roundcube version we're using. Sadly, this hasn't helped.
We are sure there must be a way to auto-timeout the session primarily for security reasons. With the default functionality, the session of the user never timeouts i.e the user never gets logged out from the Webmail which we believe is a huge potential security risk.
Anyone has any suggestions to achieve this or has implemented this through a plugin ( we tried finding out but to no avail ) ?
Can anyone point me to the right direction in order to achieve this ? Any input is much appreciated.
Migrated-From: http://trac.roundcube.net/ticket/1489354
The text was updated successfully, but these errors were encountered: