I wanted a user to be logged out automatically when he is inactive for some time. And I used the stale session package for that. The problem is that it is not logging out the user after the given time it only works sometimes not everytime.
Below is the code I added in settings.json file
"staleSessionInactivityTimeout": 10000,
"staleSessionHeartbeatInterval": 1000,
"staleSessionPurgeInterval": 4000,
"staleSessionActivityEvents": "click keydown",
"staleSessionForceLogout" : true,
Any help would be appreciated.
fg1
December 24, 2019, 12:10pm
2
did you found the answer ?
fg1
January 3, 2020, 8:39am
4
in Meteor.startup(function () { …
i have added Accounts.validateLoginAttempt(function(attempt) { …
with a console.log( attempt.type …
it result the unattended reconnect is of type “resume ”
this occur ramdomly once in a while
so it seems zuuk:stale-session@1.0.8 really have an issue ( just reported staleSessionInactivityTimeout ramdomly not working once in a while · Issue #23 · lindleycb/meteor-stale-session · GitHub )
as it is a major security concern i wonder how other people do ?
I was looking into using this package and noticed that it “rolls its own” heartbeat pattern… doesn’t Meteor already have a DDP heartbeat pattern?
I’m wondering why this or another package doesn’t hook into that instead of creating a new setInterval and database flag that tracks all this.
Weary of using a package like this.
