Secure Server-Side Session Timeout | Inactivity Logout (Server Enforced)
by ByCorn Technologies https://www.bycorn.com
Availability | Odoo Online, Odoo.sh, On Premise |
Lines of code | 169 |
Technical Name | byc_session_expire_server |
License | AGPL-3 |
Website | https://www.bycorn.com |
Secure Server-Side Session Timeout
Unbypassable Security, Enforced by the Server
This module provides a robust, **server-enforced** mechanism to automatically terminate idle user sessions. Unlike client-side solutions that rely on browser JavaScript, this module checks session age on the server itself. This means security is guaranteed, even if a user closes their browser or has JavaScript disabled. It's the ultimate tool for organizations that prioritize data security and compliance.
When Should You Use This Module?
Choose this server-side module when security cannot be compromised. Here are a few examples in simple terms:
- For High-Security Needs: If you handle sensitive data (like in healthcare, finance, or government) and need to meet strict compliance standards like HIPAA, a server-enforced timeout is essential.
- On Shared or Public Computers: If users access Odoo from a shared computer (like a factory floor terminal or library), they might close the browser window without logging out. This module ensures their session is terminated on the server, protecting the next user from seeing their data.
- To Prevent Bypassing Security: A tech-savvy user can disable client-side (JavaScript) scripts. A server-side check is impossible for a user to bypass, guaranteeing the timeout is always enforced.
- For Cleaner Server Resources: This module helps the server clean up old, abandoned sessions, which can slightly improve overall server performance and resource management.
Key Security Features
Server-Enforced Timeout
The session check happens on the Odoo server with every user request, providing the highest level of security.
Granular User Targeting
Apply the timeout policy globally or enable a specific mode to only enforce it for a select list of users.
Zero Client-Side Impact
This module uses no JavaScript, meaning it has zero performance impact on the user's browser and works on any device.
Administrator Exclusion
Easily exempt the main Administrator account from the timeout, ensuring system maintenance is never interrupted.
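An added example (not the module's own code) of the per-request, server-side idle check these features describe, including the specific-users mode and the Administrator exemption. The names `TimeoutPolicy`, `on_login`, `check_request`, the `last_activity` session key and the `ADMIN_UID` value are assumptions made for illustration; the session is modelled as a plain dict held on the server.

```python
import time
from dataclasses import dataclass

ADMIN_UID = 2  # assumed id of the main Administrator account (placeholder)

@dataclass(frozen=True)
class TimeoutPolicy:
    idle_seconds: int                    # one global limit, as the page describes
    specific_users_only: bool = False    # "Apply to Specific Users Only" mode
    targeted_uids: frozenset = frozenset()
    exempt_admin: bool = True

    def applies_to(self, uid):
        if self.exempt_admin and uid == ADMIN_UID:
            return False
        if self.specific_users_only:
            return uid in self.targeted_uids
        return True

def on_login(session, uid, now=None):
    """Stamp a fresh server-side session at authentication time."""
    session.clear()
    session["uid"] = uid
    session["last_activity"] = time.time() if now is None else now

def check_request(session, policy, now=None):
    """Call before handling each request; False means redirect to login."""
    now = time.time() if now is None else now
    uid = session.get("uid")
    if uid is None:
        return False
    if policy.applies_to(uid):
        last = session.get("last_activity")
        # Fail closed: a session with no timestamp is treated as expired.
        if last is None or now - last > policy.idle_seconds:
            session.clear()   # destroy server-side state; no warning is possible
            return False
    session["last_activity"] = now  # only successful requests extend the session
    return True
```

Because the timestamp lives in server-side session storage, closing the browser or disabling JavaScript has no effect on the decision.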
Frequently Asked Questions
Can I set different timeouts for different user groups?
This version applies one timeout limit globally. However, you can use the "Apply to Specific Users Only" mode to enforce this limit on a targeted list of users, effectively creating different policies for different people (e.g., targeted users have a 15-minute timeout, all others have none).
Will users get a warning before being logged out?
No. Because this is a server-side check, the logout happens instantly when the user makes their next request after the timeout has passed. They will be immediately sent to the login screen. This is a trade-off for its high-security, unbypassable nature. For a solution with warnings, a client-side module is required.
Is this module compatible with Odoo Community & Enterprise?
Yes, this module is fully compatible and works seamlessly with both Odoo Community and Odoo Enterprise editions.
Ready to Implement Unbreakable Session Security?
Protect your Odoo instance with the most secure timeout solution. For support or inquiries, please get in touch.
support@bycorn.com