DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • DO-I-2569 /
  • New idea
19 Vote

Log out users after a couple of minutes

...say, after 15 minutes or so.

  • Padde
  • Sep 11 2018
  • Future consideration
Accounts
  • Comments (15)
  • Votes (19)
  • Attach files
  • Moisey Uretsky commented
    11 Sep, 2018 07:06pm

    Looking to get more feedback and discussion around this request before we implement any changes.

    Thanks,
    Moisey

    ×

    Attachments Open full size

  • Moisey Uretsky commented
    11 Sep, 2018 07:06pm

    I think the simplest solution will be to just let customers set their timeout values themselves.

    This way those that like to stay logged in can do so, others can choose lower values.

    Thanks

    ×

    Attachments Open full size

  • Christian Pekeler commented
    11 Sep, 2018 07:06pm

    I prefer infinite sessions.

    ×

    Attachments Open full size

  • Christian Pekeler commented
    11 Sep, 2018 07:06pm

    No!

    ×

    Attachments Open full size

  • Moisey Uretsky commented
    11 Sep, 2018 07:06pm

    Thanks for the feedback =]

    ×

    Attachments Open full size

  • Mike commented
    11 Sep, 2018 07:06pm

    Absolutely, yes. I keep my browser open for weeks. It scares me that someone could go to digitalocean.com/droplets on my laptop, and have the ability to destroy my entire infrastructure without even having to reenter my password.

    ×

    Attachments Open full size

  • Nir Yemini commented
    11 Sep, 2018 07:06pm

    Not a good idea. I hate the "auto logout"!

    N

    ×

    Attachments Open full size

  • Moisey Uretsky commented
    11 Sep, 2018 07:06pm

    The current timeout is set to expire when you close your browser but we will be looking into implementing a timeout value that customers can choose themselves, most likely something like:

    Browser (stay logged in while browser is open)
    3 hours
    12 hours
    24 hours
    1 week

    If anyone has any other suggestions let us know!

    ×

    Attachments Open full size

  • Moisey Uretsky commented
    11 Sep, 2018 07:06pm

    We have another request for this and we'll be implementing timeout values that customers can set =]

    ×

    Attachments Open full size

  • Greg Fitzgerald commented
    11 Sep, 2018 07:06pm

    So this will be configurable? Personally I want my sessions to last longer. I work from home so I'm not to worried about others jumping on my computer.

    I prefer Google's approach where they only ask you to verify your two factor authentication token every 30 days.

    ×

    Attachments Open full size

  • Pablo commented
    11 Sep, 2018 07:06pm

    Totally roll w/the crowd that believes that 15 mins. is waaaaaaaay too short

    ×

    Attachments Open full size

  • Joel Wallis Jucá commented
    11 Sep, 2018 07:06pm

    A session management screen would be really good to have, so I can logout from some computer I've used to manage my droplets but doesn't have logged out.

    ×

    Attachments Open full size

  • Piotr WÅ‚odarek commented
    11 Sep, 2018 07:06pm

    Browser session gives unlimited access to the infrastructure hosted at DO.

    We really see this as a major threat to our production infrastructure.

    Even more so with a trend of laptops being rebooted very rarely by programmers and admins. In practice, the session persists for many days, and of course one cannot rely on "sign out" being always used by all team members.

    Please kindly implement an option to expire the session in a reasonable time frame (like 30 - 60 minutes).

    ×

    Attachments Open full size

  • Marcin DomaÅ„ski commented
    11 Sep, 2018 07:06pm

    IMO this is a security threat. If you want you can give the user the choice but at least make the default a finite value.

    ×

    Attachments Open full size

  • Maciej Jonasz commented
    11 Sep, 2018 07:06pm

    Every serious service/provider use automatic session expiration. You should implement this feature if you care about security of your real customers.

    For others who do not want automatic session expiration you might implement "Remember me" or similar checkbox on login page.

    Currently DigitalOcean keeps sessions even after closing web browser.

    DigitalOcean isn't Facebook or Instagram and should provide every possible mechanism to improve users security.

    ×

    Attachments Open full size

Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

Busy.b7e3690b94c43e444483fbc7927a6a9a
DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status