Description of auto_logout could be more clear. #7244

Closed
dseomn opened this issue Oct 14, 2021 · 2 comments · Fixed by nextcloud/server#42610

dseomn commented Oct 14, 2021

auto_logout is described as:

> Enable or disable the automatic logout after session_lifetime, even if session keepalive is enabled. This will make sure that an inactive browser will be logged out even if requests to the server might extend the session lifetime.

I initially read that as saying the server would invalidate/delete the session after session_lifetime, even if there are requests/activity that would otherwise extend the session lifetime. It looks like it just affects what the client does though, not the server. Especially given that there doesn't seem to be another way for the server to limit the duration of a session in the face of a compromised client, it would be nice if the documentation made it clear that auto_logout does not provide that security.
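
The distinction raised above, as a small added model (not Nextcloud code and not part of the original thread): a logout timer that only the client enforces, compared with a session-age limit the server checks itself. The class names, `MAX_SESSION_AGE`, the heartbeat interval and the timing values are assumptions made for this example.

```python
from dataclasses import dataclass

DAY = 60 * 60 * 24
SESSION_LIFETIME = DAY      # idle timeout in seconds (constructed value)
MAX_SESSION_AGE = 7 * DAY   # hypothetical absolute cap, not an option named on this page


@dataclass
class Session:
    created_at: int
    last_seen: int


class SlidingOnlyServer:
    """Tracks idle time only: every accepted request renews the session."""

    def check(self, s: Session, now: int) -> bool:
        if now - s.last_seen > SESSION_LIFETIME:
            return False
        s.last_seen = now
        return True


class AbsoluteCapServer(SlidingOnlyServer):
    """Same idle rule, plus an age limit that no request can extend."""

    def check(self, s: Session, now: int) -> bool:
        if now - s.created_at > MAX_SESSION_AGE:
            return False
        return super().check(s, now)


def session_end(server, client_honours_auto_logout, horizon, heartbeat=300):
    """Return the time the session stops working, or None if still valid at horizon.

    The user is idle from t=0; the client sends only keepalive heartbeats.
    """
    s = Session(created_at=0, last_seen=0)
    for now in range(heartbeat, horizon + 1, heartbeat):
        if client_honours_auto_logout and now >= SESSION_LIFETIME:
            return now  # the client-side timer fires and the client logs out
        if not server.check(s, now):
            return now  # the server itself refused the request
    return None


if __name__ == "__main__":
    for srv in (SlidingOnlyServer(), AbsoluteCapServer()):
        for honours in (True, False):
            print(type(srv).__name__, honours, session_end(srv, honours, 30 * DAY))
```

Only the `AbsoluteCapServer` case ends the session when the client does not run the logout timer, which is the server-side guarantee the issue asks the documentation not to imply.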

@joshtrichards
Member

I agree this does appear to be client-side only:

nextcloud/server#11828 (comment)
nextcloud/server/pull/20298

Would you mind proposing an edit via PR?

P.S. Since the docs for the config.php entries are auto-generated from the config.php.sample in the server repo, you have to do it a bit differently: the file to submit against isn't in the documentation repository but in server here:

https://github.com/nextcloud/server/blob/master/config/config.sample.php

dseomn commented Jul 8, 2023

> Would you mind proposing an edit via PR?

Sorry, my employer doesn't allow working on AGPL repos normally. There is an approval process I could use to do it, but it's not worth the effort for me for this.

hellodarkness added a commit to hellodarkness/server that referenced this issue Jan 6, 2024
Comments to clarify the purpose of session_keepalive.
Fixes issue in Nextcloud Documentation (nextcloud/documentation#7244)

Signed-off-by: HelloDarkness <[email protected]>