I have implemented a custom authentication for node red using user-authentication.js file and mentioned it inside the setting.js file. I used the below documentation page
Securing Node Red
It is working fine. Now I want to implement a session timeout of 30 min for the users. How can I do that?
I have multiple users. Can I have a different session time out for different users?
Not sure, but don't forget that a lot of node-red communications happen over websockets and not http. With the ws(s) protocol, the only time you have access to the headers is on initial connection. After that, the connection is "upgraded" from http to ws.
So if you want any really session security, you will need to ensure that you have a way of blocking ws comms after a period of inactivity.
