Logout behavior

Hi there,

can someone explain me how passbolt should normally behave in terms of logout?
I thought I read once that passbolt notices when you lock the computer and then logs out automatically?
Even if the browser is completely closed, we are still logged in after starting the browser again, is this normal?

Thanks in advance!

Hi @avax No, to me this does not seem normal as the session should end. However, since you are experiencing this can you share the OS/version and browser/version? Also have you confirmed the process for the browser is also ended (though it appears to be closed, maybe it is not)?

Hi @garrett,
thanks for your response.
I think i could nail it down to the following Setting.
If you turn on “continue where you left off” in Chrome(Version 98.0.4758.10) or Edge(Version 98.0.1108.62) the problem apears, even after ending the task completely in the taskmanager.

Windows 10 20H2
Passbolt 3.5.0

1 Like

Hi,

When you connect to passbolt, you have some cookies with an expiration setting set to Session:

For me, as long as these cookies are present on your browser and if the PHP session is still valid on server side, you remain logged.

Usually, people ask to increase the auto-logout and it is described in this FAQ: Passbolt Help | How to increase auto logout time?

The default PHP session lifetime is 1440 seconds.

Cheers,

Hi @_jc ,

then this is an intentional behavior?
Is your suggestion to reduce the session lifetime?

Regards

EDIT: have a look at the answer from @remy just below.

I would say I guess it is a standard behavior. If you want to be disconnected from passbolt when the browser is closed, remove the cookies for passbolt.

Cheers,

@_jc @avax the “session” flag for the cookie means that the cookie is removed when the client is closed. This is the expected behavior, e.g. if you close completely your browser you are logged out from passbolt.

Expires=<date>
If unspecified, the cookie becomes a session cookie. 
A session finishes when the client shuts down, after which the session cookie is removed.

If that is not the case then a browser setting is overriding this behavior. Passbolt extension doesn’t manage the cookie manually, it is transparent and relying on default browser behavior.

Thank you very much for the help both of you!
I could solve the problem with adding our passbolt url in the following setting in Chrome and the corresponding setting in Edge.
image

By chance is Google Now running which keeps processes going even when the browser is closed? After extension install and browser close on the first time, it may give a prompt in the task bar notifying it’s still running.

As i mentioned above, i have closed everything Google related in the task manager entierely.
Also, the problem appeared in Microsoft Edge as well, there should be no connection with google now?

Agreed. I think the first setting you identified is the main cause. The second setting would be a workaround to the default. Thanks for posting, this will definitely be helpful to others.