Admin Console Session Timeout

Posted: Fri May 05, 2006 8:27 pm
by unilogic
Is there a way to make the admin UI expire its session after a set amount of time like you can set with the user UI? This probably would be a good security measure as it would force a logout of an admin session after a certain amount of inactivity.
Ben

Posted: Fri May 05, 2006 8:35 pm
by 14319KevinH
Good question. I think the Admin user can have a session timeout just like a normal user. If not, it should. Might not be able to edit that in the admin UI, but it should be settable from zmprov. Seems like something the admin UI should add if it's not there today.

Posted: Fri May 05, 2006 8:46 pm
by unilogic
From my experience, i.e. leaving an admin UI open all night long, it doesn't time out. I'll test it more tonight.

Posted: Sat May 06, 2006 12:09 am
by unilogic
Well, there is a zimbraAdminAuthTokenLifetime for each user and in the default CoS. This is set to 12 hours by default, which is a bit high if you ask me. There is no value for idle timeout like the client UI has, i.e. zimbraMailIdleSessionTimeout. So the admin UI doesn't seem to log itself out even with AuthTokenLifetime set short. Also, I think in the Admin UI the time settings for Session Idle Timeout and AuthToken Lifetime should have a minutes option in the pull-down next to them. One hour is quite a long time for idle logout.
Ben
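
The difference between an absolute token lifetime and an idle timeout, as raised in the post above, modeled in a short added example (not Zimbra code and not from the thread's authors). It shows why a 12-hour lifetime alone leaves an abandoned admin console usable overnight. Assumptions: durations are written as digits plus an optional s/m/h/d unit, the 15-minute admin idle timeout is hypothetical, and all names and the timeline are constructed.

```python
import re
from dataclasses import dataclass

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_duration(value: str) -> int:
    """Parse '12h' / '15m' / '45' into seconds (assumed format; bare digits = seconds)."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]

@dataclass
class AdminSession:
    issued_at: int       # epoch seconds when the auth token was issued
    last_activity: int   # epoch seconds of the last authenticated request

    def touch(self, now: int) -> None:
        """Record activity; this resets the idle clock but never the token clock."""
        self.last_activity = now

def session_state(sess, now, token_lifetime, idle_timeout=None):
    """Return 'valid', 'token_expired' or 'idle_expired' for the session at time `now`."""
    # Absolute limit: measured from issuance, regardless of activity.
    if now - sess.issued_at >= parse_duration(token_lifetime):
        return "token_expired"
    # Idle limit (hypothetical for the admin UI): measured from the last request.
    if idle_timeout is not None and now - sess.last_activity >= parse_duration(idle_timeout):
        return "idle_expired"
    return "valid"

def demo():
    # Constructed timeline: login at t=0, last click at 10 minutes, console left open.
    sess = AdminSession(issued_at=0, last_activity=0)
    sess.touch(600)
    overnight = 8 * 3600
    return {
        "lifetime_only": session_state(sess, overnight, "12h"),
        "with_idle": session_state(sess, overnight, "12h", idle_timeout="15m"),
        "after_lifetime": session_state(sess, 12 * 3600, "12h", idle_timeout="15m"),
    }

if __name__ == "__main__":
    print(demo())
```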

Posted: Mon May 08, 2006 11:47 am
by 14319KevinH
Those both seem like valid enhancements.