VS Portal Session does not expire if page is closed
bschlaman opened this issue · comments
TL;DR
While having the VS portal UI open, the session will expire after SESSION_IDLE_TIMEOUT minutes of inactivity (20 min default). However, if the page is closed, the session seems to remain active for an indefinite amount of time.
Expected behavior
When navigating to the portal after it was closed out for more than 20 min, the user should be prompted to log in again.
Observed behavior
The login screen flashes for a moment, and the user is automatically logged in.
Reproduction
- Log in normally
- Close out of the portal
- Wait >20min (can be overnight)
- Navigate to the login page, user is automatically logged in
Environment
- OS: Windows, Linux
- Browser: Chrome, Chromium
Additional information
Not sure if this happens every time or just some of the time.
/assign @whaught
I don't believe the session will remain active indefinitely - SESSION_DURATION
sets the ttl to 20h by default. Let me check to see if we're bumping activity on the session before doing the idle check
I'm pretty sure this has happened with time >20hrs, although I can't confirm that for sure. I closed out of a session earlier today, so I'll test this tomorrow after 20hrs have passed.