Session timeout security improvment
Registered by
Tzach Shefi
Horizon uses a default sessions_timeout for obvious security reasons, this feature could be improved. On session_timeout I'd actively logout from Horizon automatically, returning to login screen.
Today if you leave the dashboard untouched (even after session_timeout) dashboard will remain "visible" until user input causes login screen to pop-up. Critical infrastructure data may be potentiality exposed by a user / admin who forgot to lock his station before leaving for lunch..
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Not
- Drafter:
- Tzach Shefi
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- David Lyle
Related branches
Related bugs
Sprints
Whiteboard
[david-lyle] If this is a concern, the user should configure their OS desktop to lock screen on timeout. I don't see this as the job of Horizon.
(?)
