Disable "until i logout"

sebastianjacobs · May 11, 2023, 1:10pm

Is it possible to disable the “until i logout” option? We want to control when a session expires.

remy · May 11, 2023, 1:28pm

Not sure exactly what you want to do. By default remember me option controls the duration for which the passphrase is saved memory, and if you select “until I logout” will try to keep the server session alive (as these are two different things)

It is possible to disable the remember me plugin completely. Otherwise it is possible to adjust the remember me options by overriding the default plugin configuration in passbolt.php with for example:

'passbolt' => [
        'plugins' => [
            'rememberMe' => [
                'settingsVisibility' => [
                    'whiteListPublic' => [
                        'options',
                    ],
                    'whiteList' => [
                        'options',
                    ],
                ],
                'version' => '2.0.0',
                'options' => [
                    '300' => '5 minutes',
                    '900' => '15 minutes',
                   '1800' =>'30 minutes',
                   '3600' => '1 hour',
//                    '-1' => __('until I log out'),
                ],
            ],

Screenshot 2023-05-11 at 15.21.44

sebastianjacobs · May 11, 2023, 1:33pm

That’s what I was looking for. Thank you!

remy · May 11, 2023, 1:50pm

We noticed a bug on that front on the quickaccess, we’re adding it to our list of things to do. Ref. PB-24612

sebastianjacobs · May 11, 2023, 1:57pm

The config has disabled the option on the web interface but It is still available on the browser extension.

Steph · May 11, 2023, 1:58pm

Yes, exactly, this is the bug that we added in our todo list actually.

sebastianjacobs · May 11, 2023, 2:00pm

Ah, I unterstand. Has the checkbox no function now? How can I see the bug report? I tried to search the ref but couldn’t find it.

Steph · May 11, 2023, 2:07pm

Looking at the code, the checkbox should still work as usual (keeping the session alive if it’s checked).

For the ticket ref, it’s at the moment an internal reference that is not publicly visible. However, you will be able to see that reference in the next version changelog to confirm the fix has been provided.

sebastianjacobs · May 11, 2023, 2:46pm

I tried to disable the plugin completely in hope this helps but the disable did not work.
Is this correct?

'rememberMe' => [
   'enabled' => false
]

Steph · May 11, 2023, 3:29pm

Technically, it’s correct for most plugins. This one doesn’t work this way for the moment. I proposed in the ticket to add the possibility to totally disabled the plugin if desired (not only fixing the quickaccess bug).

If you do so, the application is using a default configuration instead and puts back all the time options (including the “Until I log out”)

sebastianjacobs · May 11, 2023, 4:05pm

Is it possible to disable the “quickaccess” login?

Steph · May 12, 2023, 7:23am

Unless I’m wrong, no, not that I know.

sebastianjacobs · June 30, 2023, 11:47am

Is the rememberMe plugin activity-based or completely time-based?
Does it make a logout after e.g. 1 hour of inactivity or the 1 hour just past.

garrett · July 1, 2023, 12:07am

I think it should be since last activity.

For the browser extension it’s cookie-based calls to the api.