Went back to the tab after a day’s work at the keyboard to find myself still logged in to the Otto console, which I was a bit surprised about, mostly because I am used to being logged out after inactivity.
Is this expected/desirable given the damage that wide-open access could bring?
I ‘know’ it’s my responsibility to do the secure thing etc etc…
Open to suggestions here. I can’t remember what we have it set to exactly, but it is longer than a few days. Otto V3 is like that as well. I use several services that are just as critical that have a 30-day timeout. So that kind of behavior isn’t unusual. But we could maybe make it an option with a “keep me logged in” option or something.
I like the idea of a short session duration by default (8 hours max or based on inactivity) but a “keep me logged in” toggle on the login page that could last for 30 days.
OttoFMS 4.0.1-beta.21 has the “Keep me logged in” feature! Default session duration is now 8 hours; if “Keep me logged in” is selected on login, the session will last for 30 days. Thanks for the suggestion!