Hi guys and hello node-red team,
Is it possible to implement auto-logout after 2 minutes of inactivity in node-red dashboard using settings.js file?
I looked online but found no information. Though someone mentioned to use custom javascript function. But my programming expertise does not lie with it....
Looking forward for the suggestion
Regards,
Shubham
I don't believe there is. I know this is a difficulty @knolleary has faced too within our FlowFuse work, not sure we found a solution?
Likely to be tied into the fact that D2 is primarily using Socket.IO for comms between clients and Node-RED. UIBUILDER has the same issue.
Because Socket.IO mainly relies on websockets, you don't get to use custom headers and so having a robust session management process is a hard ask.
In addition, you need to work out what "inactivity" means in these cases? What if a user is simply reading information on-screen? How often is a user likely to actually interact with your web page?
You also need to implement user management on the server (less of a problem for FlowFuse possibly) that includes session management. Generally this involves using a cookie and/or a JWT. You also have to deal with whether you want sessions to auto-extend (which you normally do up to a given point).
This is why session management is often best done outside of a microservice like Node-RED, is indeed I think it is for FlowFuse users. But again, that service needs to deal with the fact that updates are mostly not happening over HTTPS but over WSS and so any token data may need to be embedded into the messages being passed in both directions.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy