Admin Console Session Timeout

unilogic · Post by **unilogic** » Fri May 05, 2006 8:27 pm

Is there a way to make the admin UI expire its session after a set amount of time like you can set with the user UI? This is probably would be a good security measure as it would force a logout of a admin session after a certain amount of inactivity.
Ben

14319KevinH · Post by **14319KevinH** » Fri May 05, 2006 8:35 pm

Good question. I think the Admin user can have a session timeout just like a normal user. If not it should. Might not be able to edit that in the admin UI but it should be settable from zmprov. Seems like something the admin UI should add if it's not there today.

unilogic · Post by **unilogic** » Fri May 05, 2006 8:46 pm

From my experience, i.e. leaving an admin UI open all night long, it doesn't time out. I'll test it more tonight.

unilogic · Post by **unilogic** » Sat May 06, 2006 12:09 am

Well there is a zimbraAdminAuthTokenLifetime for each user and in the default CoS. This is a default 12 hours set which is a bit high if you ask me. There is no value for idle timeout like the client UI has, i.e. zimbraMailIdleSessionTimeout. So the admin UI doesn't seem to log itself out even with AuthTokenLifetime set short. Also I think in the Admin UI the time settings for Session Idle Timeout and AuthToken Lifetime should have a minutes option in the pull down next to it. One hour is quite a long time for idle logout.
Ben

14319KevinH · Post by **14319KevinH** » Mon May 08, 2006 11:47 am

Those both seem like valid enhancements.