| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 249 |
| Technical Name |
auto_web_session_timeout |
| License | OPL-1 |
| Website | https://bitlevelcode.com |
| Versions | 17.0 18.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 249 |
| Technical Name |
auto_web_session_timeout |
| License | OPL-1 |
| Website | https://bitlevelcode.com |
| Versions | 17.0 18.0 |
Auto Session Timeout | Auto Logout User
Automatically expire inactive internal user sessions in Odoo 17
This module enhances Odoo security by monitoring real browser activity and automatically logging out internal users after a configurable period of inactivity. It is built as a lightweight web client service that respects tab visibility, detects user idle time, and relies on a server-side last-activity timestamp that continues to age even when the browser is closed.
Quick Overview About Auto Session Timeout | Auto Logout User
A focused security add-on for Odoo 17 that automatically logs out inactive internal users. The timeout is fully configurable and enforced server-side, while the web client tracks real user activity, tab visibility, and idle time to avoid unnecessary logouts.
Stronger session security
Reduce the risk of unauthorized access from forgotten or shared workstations by expiring inactive back‑office sessions automatically.
Configurable timeout
Set the inactivity timeout in seconds via configuration. The default is 300 seconds (5 minutes), with robust handling of invalid values.
Internal users only
The timeout applies only to internal users. Portal and public visitors are explicitly excluded from the session timeout logic.
Features
Designed as a native Odoo 17 web client service with dedicated backend logic for session security. The module stays aligned with the standard UX and does not introduce pop‑ups or intrusive dialog boxes.
Automatic logout User after inactivity
The backend stores a server‑side last‑activity timestamp for every internal user session. When the elapsed time exceeds the configured timeout, the session is invalidated and the user is redirected to the login page.
Aware of tab visibility
Heartbeat requests are sent only while the Odoo tab is visible. When the tab is hidden, minimized, or moved to the background, heartbeats stop and the server timestamp ages naturally.
Real activity and idle detection
Mouse movement, clicks, key presses, scrolling, and touch events reset an internal idle timer. While the user is idle on a visible tab, heartbeats pause so the session can expire as expected.
Browser‑close safe
The timeout is evaluated on the server, not only in JavaScript. If a user simply closes the browser, the last‑activity timestamp continues to age and the session can still time out while the browser is closed.
Native Odoo 17 web service
Implemented as an Odoo service registered in the web client registry with standard backend session logic. No core hacks or monkey‑patching are used, keeping the solution maintainable and upgrade‑friendly.
Transparent user experience
Users work normally in the standard Odoo interface. When the timeout has been reached, they are redirected cleanly to the login page without extra configuration steps on each screen.
How It Works
A lightweight JavaScript service runs in the Odoo web client to track user activity, while the Odoo backend stores and evaluates the last‑activity timestamp for each internal user session.
Load configuration
When a user opens the backend, the web client reads the configured timeout and initializes the internal timers for the current session.
Track real activity
Mouse movements, clicks, keyboard input, scrolling, and touch events update the in‑browser notion of activity and keep the session fresh while the user is working.
Pause when idle or hidden
When the user is idle or the browser tab is no longer visible, the heartbeat to the backend is paused so that the last‑activity timestamp can age normally.
Timeout and logout
The backend checks how long ago the last activity occurred. If the configured timeout is exceeded, the session is closed and the next navigation leads the user back to the login page.
Configuration Guide
You can set the timeout once and apply it to all internal users. No per‑user configuration is required.
Install the module
Go to Apps, search for “Auto Web Session Timeout”, and install the module like any standard Odoo add‑on.
Set timeout from Settings
Open Settings → General Settings and locate the Session Security block. Use the Auto Session Timeout | Auto Logout User field to choose the timeout in seconds for internal users.
Fine‑tune via System Parameters
For advanced configuration, go to
Settings → Technical → System Parameters and adjust
activity_session_timeout_key. The value is in seconds
(default 300).
Screenshots
A visual overview of the Auto Web Session Timeout configuration and how inactive sessions are automatically logged out in Odoo 17.
Frequently Asked Questions
Does the timeout apply to portal or public users?
No. The module checks if the current user is internal and applies the timeout only in that case. Portal and public users always bypass the timeout logic.
What happens if the browser is closed?
The last‑activity timestamp is stored on the server. If the browser is closed and the user comes back after the configured timeout, the session will already be considered expired and the user will be redirected to the login page.
What is the default timeout value?
If no system parameter is set or an invalid value is provided, the module automatically falls back to 300 seconds (5 minutes).
Is there a visible countdown for users?
The module relies on a silent background countdown with periodic checks to keep the experience aligned with the standard Odoo interface. Users are redirected to the login page when the timeout is reached.
Is it compatible with Odoo Community and Enterprise?
Yes. The module targets Odoo 17 and is compatible with both Community and Enterprise editions as long as the standard web client is used.
Our Apps
Explore more productivity and security apps for Odoo. If you are looking for a specific feature, feel free to contact us for a recommendation.
Need Help or Customization?
If you need assistance configuring the timeout, aligning it with your security policies, or extending the behavior, you can contact us for support.
Contact
Write to us and we will respond as soon as possible.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module