by Jeff Eaton on July 15, 2013 // Short URL

Module Monday: Auto Logout

Disconnect idle users to keep unattended computers safe

It's inevitable: no matter how secure your web site is, Murphy's Law ensures that one of your site's users will eventually leave their account logged in, and their computer unlocked. If they're a new visitor to the site, the stakes are low, but if an administrator's account is left logged in on an insecure computer, it can be disastrous. Many banks and e-commerce sites solve the problem with an aggressive session timer. If you're not active in your browser for twenty minutes, you're logged out. With the Auto Logout module, you can give your site's users the same protection.

Once installed, Auto Logout gives site builders a host of configuration options. Session timeouts can be managed on a per-role and per-user basis; optional on-screen countdowns and warnings can prompt users before they're disconnected to avoid lost work; and site builders can tweak everything from the text of the warnings to the URL they're redirected to once they're disconnected.

Auto Logout module doesn't cover every use case: if you need to prevent people from logging in on multiple computers, for example, additional modules like Session Limit are required. It's a quick and easy feature to add, however, and one that can save your users' bacon if they're prone to leaving a computer unattended.