Active logout - BloomReach Experience - Open Source CMS

This article covers a Hippo CMS version 10. There's an updated version available that covers our most recent release.

05-02-2016

Active logout

This feature is available since Hippo CMS 10.2.0

The CMS and Console application automatically logout users that have not been active for a while. The 'maximum inactive' time is by default set to 30 minutes. Lingering sessions are thereby closed automatically, which improves security.

What is user activity?

User activity is currently defined as 'Ajax interaction with the backend'. Clicking an element in the UI and/or saving data will almost always trigger Ajax interaction.

Two Ajax interactions are currently excluded:

  • the pinger that pulls in changes from concurrent sessions every 20 seconds
  • the 'live updates' of the Realtime tab in the Audience perspective (available in the Relevance module)

Change the maximum interactive interval

The maximum inactive interval of an application is always specified in minutes and can be changed by adjusting the value of the following properties in the Console:

  • CMS:
    /hippo:configuration/hippo:frontend/cms/cms-static/root/max.inactive.interval.minutes
  • Console:
    /hippo:configuration/hippo:frontend/console/console/root/max.inactive.interval.minutes

A value of 0 disables the active logout: users will then stay logged in as long as the browser window for that application remains open and active.

For developers

Active logout is disabled entirely when the application is run in Wicket development mode.

To check whether active logout is enabled or not, set the log level of org.hippoecm.frontend.plugins.cms.logout.ActiveLogoutPlugin to INFO.

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?