security-dashboards-plugin icon indicating copy to clipboard operation
security-dashboards-plugin copied to clipboard

Published 20 hours ago verified publisher icon opensearch-project

[FEATURE] Inactivity timer

Open HuanLiangAFS opened this issue 1 year ago • 4 comments
trafficstars

Is your feature request related to a problem? Please describe.

Opensearch-dashboard features a refresh option that refreshes dashboard by a user-defined time interval. Using this feature can cause the timeout session configured in opensearch-dashboards.yml to never timeout. Haven't found anything that addresses this so far.

Describe the solution you'd like

Session expiration should work the same whether dashboard refresh is on or off. If a user leaves his/her computer for a long period of time with refresh on, we expect the user to be automatically logged off.

Describe alternatives you've considered

No alternative besides not using refresh. Maybe using sockets to update dashboard items would solve the problem or have a separate api when auto-refreshing and excluding those from session timeout timer.

HuanLiangAFS avatar Mar 12 '24 01:03 HuanLiangAFS

[Triage] @HuanLiangAFS There is a configuration setting called opensearch_security.session.keepalive: false to disable keepalive (session extension on active usage). Would this solve your issue?

cwperks avatar Mar 18 '24 15:03 cwperks

@cwperks Unfortunately, not all the way. Setting opensearch_security.session.keepalive: false will never update the session timer. We would still like to update the timer if the user for example goes to a different opensearch page or interacts with something on the dashboard. The only issue is we don't want the automatic dashboard refresh to count as an interaction.

HuanLiangAFS avatar Mar 19 '24 17:03 HuanLiangAFS

[Triage] Thanks for filing this issue @HuanLiangAFS. This sounds like a request for an activity timer feature or something similar. This is something that we can look into adding or you are welcome to open a PR for this feature.

stephen-crawford avatar Apr 01 '24 15:04 stephen-crawford

[Triage] Thanks for filing this issue @HuanLiangAFS. This sounds like a request for an activity timer feature or something similar. This is something that we can look into adding or you are welcome to open a PR for this feature.

Just a clarification, there currently is an existing activity timer, we would like one that excludes activity from opensearch-dashboard's auto-refresh.

HuanLiangAFS avatar Apr 04 '24 16:04 HuanLiangAFS