Disable "until i logout"

Is it possible to disable the “until i logout” option? We want to control when a session expires.

Not sure exactly what you want to do. By default remember me option controls the duration for which the passphrase is saved memory, and if you select “until I logout” will try to keep the server session alive (as these are two different things)

It is possible to disable the remember me plugin completely. Otherwise it is possible to adjust the remember me options by overriding the default plugin configuration in passbolt.php with for example:

'passbolt' => [
        'plugins' => [
            'rememberMe' => [
                'settingsVisibility' => [
                    'whiteListPublic' => [
                    'whiteList' => [
                'version' => '2.0.0',
                'options' => [
                    '300' => '5 minutes',
                    '900' => '15 minutes',
                   '1800' =>'30 minutes',
                   '3600' => '1 hour',
//                    '-1' => __('until I log out'),

Screenshot 2023-05-11 at 15.21.44

That’s what I was looking for. Thank you! :slight_smile:

We noticed a bug on that front on the quickaccess, we’re adding it to our list of things to do. Ref. PB-24612

The config has disabled the option on the web interface but It is still available on the browser extension.

Yes, exactly, this is the bug that we added in our todo list actually.

Ah, I unterstand. Has the checkbox no function now? How can I see the bug report? I tried to search the ref but couldn’t find it.

Looking at the code, the checkbox should still work as usual (keeping the session alive if it’s checked).

For the ticket ref, it’s at the moment an internal reference that is not publicly visible. However, you will be able to see that reference in the next version changelog to confirm the fix has been provided.

I tried to disable the plugin completely in hope this helps but the disable did not work.
Is this correct?

'rememberMe' => [
   'enabled' => false

Technically, it’s correct for most plugins. This one doesn’t work this way for the moment. I proposed in the ticket to add the possibility to totally disabled the plugin if desired (not only fixing the quickaccess bug).

If you do so, the application is using a default configuration instead and puts back all the time options (including the “Until I log out”)

Is it possible to disable the “quickaccess” login?

Unless I’m wrong, no, not that I know.

Is the rememberMe plugin activity-based or completely time-based?
Does it make a logout after e.g. 1 hour of inactivity or the 1 hour just past.

I think it should be since last activity.

For the browser extension it’s cookie-based calls to the api.