Logout open windows once session expires

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

In the application settings (Admin → Settings) the Session duration (minutes) can be adjusted. The default is 10080 hours (7 days). When the session expires, subsequent requests are made as an authenticated public user.

In environments where security is a concern customers might decrease the session expiry time to reduce the risk of an unattended computer providing access to confidential information. Any information that is already open in the browser continues to be viewable.

Proposal

Add the option to automatically logout open tabs once the session expires (e.g. like a bank interface with popups 'You will be logged for inactivity in 60 seconds')

Original report This came to my attention after a customer mentioned that the session timeout seemed to not be working. I tried to replicate it and at first I thought it was a bug. I set the timeout to 1 minute, restarted GitLab, logged out and back in and after a minute I was still logged in. I waited 20 minutes and nothing. I closed the tab and opened it again and then I was logged out. I tried that again after 1 minute and now it worked.

It seems that session only expires after you close the window. To me this is not the expected behavior of a session timeout. I would expect to be logged out automatically after 1 minute.

So this is the feature request: Add a Javascript function that automatically logs you out after whatever time is set in the settings.

Links

Edited by 🤖 GitLab Bot 🤖