Hi, maybe I did not search deeply enough, but I did not find the information in the Meteor Docs on how and where I can set the time to log out a user after, for example, 5 minutes of inactivity.
Q1:
I’m using the “accounts-ui@1.3.1” package. I found the possibility to set “loginExpirationInDays”: 0.05, but it does not work correctly, because the login expires sooner than expected. It seems that the loginExpiration time is not extended while working with the app.
Q2:
Also, how can I calculate 5 minutes? As a proportion of the day? That way, it does not work.
1 hours is 1/24 = 0.041
30 min is 0.041/2 = 0.020
5 min = (0.041/60)*5 = 0,003417
I set 0.05 and it’s about 10 minutes. If I set a lower value than 0.04, it does not work.
I’m asking in order to understand how it works, how I can set up the expiration correctly, and how I can solve the problem of the expiration time not being extended while I’m using the app.
loginExpirationInDays is not meant for inactivity measurement. It is used to balance between security and usability, e.g. the user does not have to log in daily but must do it once a week.
You need to handle inactivity on the UI. There are npm packages out there that set the timeout from the last activity on the page and then call Meteor.logout when the time is over, or reset the timer when activity is observed.
@rjdavid And can you recommend one from your BIG experience, please? I was searching in Atmosphere and found one, but it was very old, running with jQuery 1.x, which is insecure.
Sorry, I was combining two different things in my ideas above, connecting and inactivity.
On the server side, it will require more work. In our case, we are using a current user subscription, so that once the subscription stops, we can delete the login tokens of the user.
And can you give me an example? It does not have to be copy-paste source, just something to understand more deeply how to do this.
I can delete the user token, but I was thinking that a Meteor component for this exists somewhere and, if needed, I would call something each minute, from a cgi task for example, to check and delete expired tokens.
But somewhere I must save a timestamp of the last user request to the server. But I don’t have an idea how to do this.
@rjdavid… yes, but I still don’t understand how to check which user tokens are alive and which user tokens have expired.
Probably I need to store somewhere in user.private the timestamp of their last request to the server (or something like that) to check the expiration. Does any Meteor server event exist which is called on each user request to the server?
@rjdavid …please, can you share only a short example?
Because I think that Meteor.userId will return the id when the user is logged in and null if logged out.
But the user logout depends on the account package and on the "loginExpirationInDays" option.
…but loginExpirationInDays will log out the user after, for example, 10 minutes, not from their last request to the server but from their login time (I think). Therefore this way will log out the user sooner than expected, without reflecting whether the user is currently active or not.
Again, we use publications to track the presence of a user. Then use the onStop() function of the publication as a trigger to check and/or update the presence status of the user.
We do not use loginExpirationInDays for inactivity tracking, so I cannot help you on that part.
Sorry, if I understand correctly, somewhere in publish you have this.onStop({…here you will update the timestamp and presence status somewhere in user profile…}); Can you send me a short example of the code?
@rjdavid Please check server.js on line 25. Now I’m updating all tokens by userId, but that’s of course wrong. How can I get the current user token and update only that token, which is currently in use?
We actually use a separate collection called Presence which tracks if the user is active, idle, or offline. We do not touch the login tokens unless we delete them all for a single user (if I am correct, there is a function to delete all login tokens for a user). Sorry, far from my laptop.
(Also check the posts above about a presence package. The only difference in that is that it keeps the presence data with the user collection)
@paulishca Thank you! This is exactly what I was searching for. But for a long time I was not able to find a solution, therefore I started to create my own package.
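The sliding inactivity window discussed in this thread (a last-activity timestamp per user, checked by a periodic sweep), as an added example that is not code from any poster or from Meteor. `IdleTracker`, `touch`, `sweep`, `onExpire` and `simulate` are hypothetical names; in a Meteor app, `onExpire` is where the server would delete the user's login tokens, and that wiring is assumed rather than shown.

```javascript
// Added example: sliding inactivity timeout, unlike a fixed expiry counted from login time.
const MINUTE = 60 * 1000;
const IDLE_LIMIT_MS = 5 * MINUTE; // the 5 minutes of inactivity asked about in the thread

class IdleTracker {
  // now: injectable clock (ms); onExpire: callback invoked once per idle user.
  constructor({ idleLimitMs = IDLE_LIMIT_MS, now = () => Date.now(), onExpire }) {
    this.idleLimitMs = idleLimitMs;
    this.now = now;
    this.onExpire = onExpire;
    this.lastActivity = new Map(); // userId -> timestamp of last observed activity
  }

  // Call on login and on every observed request or UI activity: this extends the window.
  touch(userId) {
    this.lastActivity.set(userId, this.now());
  }

  // Call periodically (for example once a minute). Expires every user whose last
  // activity is at least idleLimitMs old and returns their ids.
  sweep() {
    const cutoff = this.now() - this.idleLimitMs;
    const expired = [];
    for (const [userId, seen] of this.lastActivity) {
      if (seen <= cutoff) expired.push(userId);
    }
    for (const userId of expired) {
      this.lastActivity.delete(userId); // forget first so onExpire fires only once
      this.onExpire(userId);
    }
    return expired;
  }
}

// Constructed scenario: alice and bob log in at t=0; alice is active every
// 4 minutes, bob never touches the app again. The sweep runs once a minute.
function simulate() {
  let clock = 0;
  const loggedOut = [];
  const tracker = new IdleTracker({
    now: () => clock,
    onExpire: (id) => loggedOut.push({ id, atMinute: clock / MINUTE }),
  });
  tracker.touch('alice');
  tracker.touch('bob');
  for (let minute = 1; minute <= 12; minute++) {
    clock = minute * MINUTE;
    if (minute % 4 === 0) tracker.touch('alice');
    tracker.sweep();
  }
  return { loggedOut, stillActive: [...tracker.lastActivity.keys()] };
}
```

The expiry decision lives on the server side of the tracker, so a client that stops running its own idle timer still loses its session at the next sweep.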