by Jeff EatonJuly 15, 2013

Module Monday: Auto Logout

It's inevitable: no matter how secure your web site is, Murphy's Law ensures that one of your site's users will eventually leave their account logged in, and their computer unlocked. If they're a new visitor to the site, the stakes are low, but if an administrator's account is left logged in on an insecure computer, it can be disastrous. Many banks and e-commerce sites solve the problem with an aggressive session timer. If you're not active in your browser for twenty minutes, you're logged out. With the Auto Logout module, you can give your site's users the same protection.


Once installed, Auto Logout gives site builders a host of configuration options. Session timeouts can be managed on a per-role and per-user basis; optional on-screen countdowns and warnings can prompt users before they're disconnected to avoid lost work; and site builders can tweak everything from the text of the warnings to the URL they're redirected to once they're disconnected.


Auto Logout module doesn't cover every use case: if you need to prevent people from logging in on multiple computers, for example, additional modules like Session Limit are required. It's a quick and easy feature to add, however, and one that can save your users' bacon if they're prone to leaving a computer unattended.

If you enjoyed this article, you may also enjoy...
Sign up for the Lullabot Newsletter and get our latest articles and more direct to your inbox

We can partner with you!

We’ve accomplished some amazing things for some really great clients. We’d love to talk about how we can help your next project!

Tell us about your project

You can be a ’bot!

We have an amazing team of friendly experts in a number of disciplines. We work hard, have lots of fun together, and take great care of our team.

See our open positions