Is there a way to make the admin UI expire its session after a set amount of time like you can set with the user UI? This is probably would be a good security measure as it would force a logout of a admin session after a certain amount of inactivity.
Ben
Admin Console Session Timeout
-
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
Admin Console Session Timeout
Good question. I think the Admin user can have a session timeout just like a normal user. If not it should. Might not be able to edit that in the admin UI but it should be settable from zmprov. Seems like something the admin UI should add if it's not there today.
Admin Console Session Timeout
From my experience, i.e. leaving an admin UI open all night long, it doesn't time out. I'll test it more tonight.
Admin Console Session Timeout
Well there is a zimbraAdminAuthTokenLifetime for each user and in the default CoS. This is a default 12 hours set which is a bit high if you ask me. There is no value for idle timeout like the client UI has, i.e. zimbraMailIdleSessionTimeout. So the admin UI doesn't seem to log itself out even with AuthTokenLifetime set short. Also I think in the Admin UI the time settings for Session Idle Timeout and AuthToken Lifetime should have a minutes option in the pull down next to it. One hour is quite a long time for idle logout.
Ben
Ben
-
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
Admin Console Session Timeout
Those both seem like valid enhancements.