Meteor stale session auto logout not working when the user is inactive

I wanted a user to be logged out automatically when he is inactive for some time. And I used the stale session package for that. The problem is that it is not logging out the user after the given time it only works sometimes not everytime.

Below is the code I added in settings.json file

    "staleSessionInactivityTimeout": 10000,
    "staleSessionHeartbeatInterval": 1000,
    "staleSessionPurgeInterval": 4000,
    "staleSessionActivityEvents": "click keydown",
    "staleSessionForceLogout" : true,

Any help would be appreciated.

did you found the answer ?

:thinking:

I need the same :blush:

in Meteor.startup(function () { …

i have added Accounts.validateLoginAttempt(function(attempt) { …

with a console.log( attempt.type …

it result the unattended reconnect is of type “resume

this occur ramdomly once in a while

so it seems zuuk:stale-session@1.0.8 really have an issue ( just reported https://github.com/lindleycb/meteor-stale-session/issues/23 )

as it is a major security concern i wonder how other people do ? :ambulance:

I was looking into using this package and noticed that it “rolls its own” heartbeat pattern… doesn’t Meteor already have a DDP heartbeat pattern?

I’m wondering why this or another package doesn’t hook into that instead of creating a new setInterval and database flag that tracks all this.

Weary of using a package like this.