End Session on Browser Close #974
Comments
|
Although it would be possible to expire the cookie when closing the browser but without federated logout (#836), the user will still potentially be logged in on the computer. You could set a short lifetime to your access_token. That would at least make it harder for someone to misuse the forgotten account that is logged in. |
|
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. (Read more at #912) Thanks! |
|
Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks! |
|
Same issue for me, I would like to set expire time to browser session. |
|
Want user to get logged out if user close the browser. Please guide us on this. |
Summary of proposed feature
Expose an option to not persist a session, which the session will be terminated on browser close.
Purpose of proposed feature
Some system has a "remember me" or "keep me logged in" option to specify if a session should be persisted to avoid a scenario such as forgot to log out from a public computer.
Detail about proposed feature
Make the
sessionoptions to supportmaxAge:0to set the cookie to expire on'Session'. Currently, settingmaxAgeto value0will cause an error.Alternatively, expose the cookie as an API from the module so that developer can use it to modify the cookie as needed, such as setting the expiry to
'Session'.The text was updated successfully, but these errors were encountered: