Logout session #1006

Closed
4 tasks
ghost opened this issue Sep 16, 2019 · 8 comments

Comments

@ghost

ghost commented Sep 16, 2019

Feature Request

  • Logout each session. (logout button) User Accounts for AdGuardHome #997
  • Default timeout limit (session autologout)
  • View and revoke active sessions.
  • Sessions history and failed attempts. (log)
    (log timestamp by default and optional with IP)
@ghost
Author

ghost commented Sep 20, 2019

One more thing: if I restart the current AGHome while logged in, I am able to re-establish the session without the password being required. I think it's necessary to change this :)

@ameshkov
Member

One more thing: if I restart the current AGHome while logged in, I am able to re-establish the session without the password being required. I think it's necessary to change this :)

Why, that's how it was supposed to work -- we store sessions in a tiny DB for that.

@ghost
Author

ghost commented Sep 20, 2019

Why, that's how it was supposed to work -- we store sessions in a tiny DB for that.

In my opinion it must be limited to as long as the AGHome service is running (optional: a certain time period). Once the service is restarted or activated from any state, recent sessions should no longer be usable; however, session history logs are kept unless manually cleared.

If you do not prefer it and there is any scenario to be user friendly, then, if you decide to implement it, the above *View and revoke active sessions feature will fulfill it ^_^

@ghost ghost closed this as completed Sep 20, 2019
@ghost ghost reopened this Sep 20, 2019
@ameshkov
Member

In my opinion it must be limited to as long as the AGHome service is running (optional: a certain time period).

Currently, session TTL is limited to 24 hours since the last use.

@szolin
Contributor

szolin commented Nov 5, 2019

I suggest we start with the simple things first:

  • add auth_session_expire 30d configuration setting
  • make a button to delete all sessions, except the current one
  • make info-level logging for failed login attempts
  • make info-level logging for successful logins
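
An added example, not AdGuard Home's code and not part of the comment above: a minimal in-memory session store showing a configurable expiry counted from the last use (the behaviour described earlier in the thread, with 30 days in place of 24 hours) and info-level logging of failed and successful logins. `SessionStore`, `Login` and `Check` are hypothetical names, the standard `log` package stands in for the project's logger, and the token is assumed to come from a CSPRNG.

```go
package main

import (
	"log"
	"sync"
	"time"
)

// SessionStore is a hypothetical in-memory store (not AdGuard Home's own type).
// Tokens are assumed to be generated elsewhere from a CSPRNG.
type SessionStore struct {
	mu       sync.Mutex
	ttl      time.Duration        // e.g. 30 * 24 * time.Hour for a "30d" setting
	lastUsed map[string]time.Time // session token -> time of last use
}

// Login logs the attempt at info level and registers the session on success.
// %q escapes control characters so a crafted user name cannot forge log lines.
func (s *SessionStore) Login(token, user, ip string, ok bool, now time.Time) {
	if !ok {
		log.Printf("[info] auth: failed login for user %q from %s", user, ip)
		return
	}
	s.mu.Lock()
	s.lastUsed[token] = now
	s.mu.Unlock()
	log.Printf("[info] auth: user %q logged in from %s", user, ip)
}

// Check reports whether token is still valid; each valid use restarts the TTL.
func (s *SessionStore) Check(token string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	last, found := s.lastUsed[token]
	if !found || now.Sub(last) > s.ttl {
		delete(s.lastUsed, token) // drop expired entries so they cannot be reused
		return false
	}
	s.lastUsed[token] = now
	return true
}

func main() {
	s := &SessionStore{ttl: 30 * 24 * time.Hour, lastUsed: map[string]time.Time{}}
	now := time.Now()
	s.Login("tok-1", "admin", "192.0.2.10", true, now) // constructed sample values
	log.Println("valid after 29d:", s.Check("tok-1", now.Add(29*24*time.Hour)))
}
```

Because the TTL restarts on every valid request, a session in regular use never expires on its own; an absolute lifetime cap would need a second timestamp recorded at login.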

@ameshkov
Member

ameshkov commented Nov 7, 2019

@Archivebase could you please make a separate feature request for this one?

View and revoke active sessions.

It's definitely too complicated to have it here.

make a button to delete all sessions, except the current one

Tbh, I don't think this is necessary, session_ttl setting would be more than enough.

@szolin szolin self-assigned this Nov 7, 2019
@ghost
Author

ghost commented Nov 7, 2019

make info-level logging for failed login attempts
make info-level logging for successful logins

It might be better to have at least the last 5-10 attempts' history viewable within the web interface and the rest stored in the log; it may include each session's start and end time with the reason, whether sign-out or timeout.
(additional: option to set in config to disable, basic* time:date, advanced* info level with IPs)

@ameshkov
Member

ameshkov commented Nov 7, 2019

@Archivebase I guess "viewable login history" should be also a separate feature request then.
