Hi guys and hello node-red team,
Is it possible to implement auto-logout after 2 minutes of inactivity in node-red dashboard using settings.js file?
I looked online but found no information. Though someone mentioned to use custom javascript function. But my programming expertise does not lie with it....
Looking forward for the suggestion
Regards,
Shubham
Hi @shubhamnodered
I don't believe there is. I know this is a difficulty @knolleary has faced too within our FlowFuse work, not sure we found a solution?
Likely to be tied into the fact that D2 is primarily using Socket.IO for comms between clients and Node-RED. UIBUILDER has the same issue.
Because Socket.IO mainly relies on websockets, you don't get to use custom headers and so having a robust session management process is a hard ask.
In addition, you need to work out what "inactivity" means in these cases? What if a user is simply reading information on-screen? How often is a user likely to actually interact with your web page?
You also need to implement user management on the server (less of a problem for FlowFuse possibly) that includes session management. Generally this involves using a cookie and/or a JWT. You also have to deal with whether you want sessions to auto-extend (which you normally do up to a given point).
This is why session management is often best done outside of a microservice like Node-RED, is indeed I think it is for FlowFuse users. But again, that service needs to deal with the fact that updates are mostly not happening over HTTPS but over WSS and so any token data may need to be embedded into the messages being passed in both directions.