User should get logout after prefix idle time-suitecrm

In case user is idle for more than 10 min. it should get automatically logout of application.
It will be better if user is prompted that ‘save your work , system is logging out’.
How can we achieve this without changing php.ini file? (avoiding because multiple projects on same server)
suitecrm - Version 7.11.8

Thank you in advance.

I believe this thread is similar to

Looks like your version of SuiteCRM is a little out of date?

You might wish to upgrade to the latest verison of SuiteCRM in order to take advantage of various bugfixes/enhancements/security fixes? :slight_smile:

Hi @anothermouse again. great to see you here. We are planning to upgrade in future but currently I cant see any logout related change / fix in next version.

More a case of get the bug fixes and security patches done. Remember…‘Security is not a dirty word’ :grinning:

where I can add code in suitecrm like
check users activity continuously like if idle and if idle for 15 min+ will call logout.
is there any logic hook or anything else??

Let’s assume that we check every users activity continuously
…On the server that would be a bad idea as you’d end up with lots of unnecessary processing and it wouldn’t scale…I.e processing and CPU usage would rise rapidly with more users and really isn’t a carbon emissions friendly approach
…so let’s try it on the client. e.g. place a javascript function in the page to log the person out…but what if they are using chrome? (the majority of users) and they have another page open for the CRM and they get logged out randomly. OK - you can get round that by suspending all pages not being viewed, but definitely not user friendly or practical.

It’s so much better to have a trigger rather than a continuous check - something like the hook you mentioned, but I’m not aware of anything that could provide this. Therefore I consider that targeting the correct areas (the sessions themselves) as I outlined in:

…would be the best approach as it works directly on the cookies that indicate the login state (less intervening logic layer, ) therefore greater reliability of the process. Obviously see the provisio/edge cases that I mentioned in the post.

I even provided a full bash script to make it work. I guess that you could add something like this as a scheduled task made to run under cron.php, but doing it directly is always going to be more reliable.