The CMS and Console application automatically logout users that have not been active for a while. The 'maximum inactive' time is by default set to 30 minutes. Lingering sessions are thereby closed automatically, which improves security.
What is user activity?
User activity is currently defined as 'Ajax interaction with the backend'. Clicking an element in the UI and/or saving data will almost always trigger Ajax interaction.
Two Ajax interactions are currently excluded:
- the pinger that pulls in changes from concurrent sessions every 20 seconds
- the 'live updates' of the Realtime tab in the Audience perspective (available in the Relevance module)
Change the maximum interactive interval
The maximum inactive interval of an application is always specified in minutes and can be changed by adjusting the value of the following properties in the Console:
A value of 0 disables the active logout: users will then stay logged in as long as the browser window for that application remains open and active.
Active logout is disabled entirely when the application is run in Wicket development mode.
To check whether active logout is enabled or not, set the log level of org.hippoecm.frontend.plugins.cms.logout.ActiveLogoutPlugin to INFO.