-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The session is not closed after the web browser is closed, the user remains logged in #11934
Comments
GitMate.io thinks possibly related issues are #3657 (Cannot log in to web console after install), #2081 (Custom session variable disappear after several days but user still logged in), #2967 (User cannot log in the web interface), #2927 (add the possibility to close a user account from the web interface), and #10711 (Upload Problem on Web Browsers). |
If by »session close« you mean »log out«, then this is intentional. Web services don’t log people out unless specifically "Log out" was used. Otherwise people have to log in every time they start up their computer, or close the browser (accidentally or not) and this is annoying. |
In NC13, the behavior was such that when the browser was closed, the user log out. Then how to understand these settings: 'remember_login_cookie_lifetime' => 606024*15, Defaults to 606024*15 seconds (15 days) 'session_lifetime' => 60 * 60 * 24, Defaults to 606024 seconds (24 hours) 'session_keepalive' => true, Enabling this sends a “heartbeat” to the server to keep it from timing out. And where did the "remember checkbox"? |
We removed it because people will always be remembered. Until you use the "Log out" function. Much simpler.
Ok, but as said above:
Regarding the technical stuff, someone more technical (like @rullzer @MorrisJobke @juliushaertl) will have to comment. :) |
thank you for your patience:) and your work! |
FYI, added this back in the VM as users requested it. |
No option for automatic logout on browser close becomes problematic if nextcloud is used for another service via OAuth. For example I use my service to login to nextcloud (with help of Social Login App). When I logout from my service, I close the browser, but forgot to logout from Nextcloud. If I recall correctly, there is no API to logout the user from nextcloud remotely. |
@enoch85 If I understand correctly, this means that users will be logged out again after they browser has been closed when upgrading to Nextcloud 15? That would be such a relief as not being logged out automatically is a real concern when using public computers. |
@ksmolder Yes that's correct. Though I changed it to 30 minutes in the latest version as I noticed some issues with uploading in the Web GUI. You will automatcally be logged out, and if you want to be logged out faster than 30 minutes, then change it to whatever you like in config.php. |
As there is no feedback since a while I will close this ticket. If this is still happening please make sure to upgrade to the latest version. After that, feel free to reopen. |
@skjnldsv The default behavior is to stay logged in unless you click "Logout". This wasn't the behavior before and this ticket addresses that. So unless you will revert to the old behavior or set a sane default IMHO this ticket is still valid.
If you on the other hand don't intend to change it, it can remain closed. |
No, iirc we tend to go the same way others big services are doing it. We removed the keep me logged in button for this exact purpose. |
HI, imagine a laptop got stollen. What can an administrator do to log out the user remotely ? |
The user can simply log in on any other device and go to their session overview to close the session. If the laptop has a desktop client with files, the remote wipe function will remove all the files from the laptop. For privacy reasons, the admin can not control individual sessions, only wipe all devices and close all sessions from the user. |
Nextcloud server 14.0.3
Ubuntu 16.04.5
php 7.0.32
Apache 2.4.18
PostgreSQL 9.5.14
The session is not closed after the web browser is closed, the user remains logged in
until i solved the problem this way:
'remember_login_cookie_lifetime' => 0,
The text was updated successfully, but these errors were encountered: