Hi Strapi users, I would like to ask whether there is a way to perform the following in the Strapi admin backend?
- How to auto logout from admin once there is x minute(s) of idling?
- How to force logout from devices for any concurrent same admin username login?
Thanks :)
I'm also interested in this. My understanding is that the admin interface is in effect a React app so it would be possible to customize, but it would be good to understand what the current default behaviour is etc.
This isn’t possible without customization and implementing your own middleware style blacklist/whitelist with auto cleanup.
We use JWT (JSON Web Tokens), meaning once the token is issued it can’t be revoked without changing the server secret, which invalidates all JWTs. That means you need to intercept the requests and add them to a blacklist/whitelist.
Ideally in a timeout, you would update the black/white list with the last request time, and have some kind of auto-cleanup script to purge entries after a certain amount of time. In the case of a whitelist, if the JWT isn’t in the whitelist then deny the request.
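
The whitelist approach from the reply above, as an added example (not code from Strapi or from anyone in this thread): each token is tracked with its last request time, idle tokens are denied and purged, and a new login replaces the same user's older token, which covers both questions in the first post. The class and method names are hypothetical, the store is assumed to be an in-memory Map in a single server process, and `touch` is assumed to be called from your own middleware after the JWT signature has been verified.

```javascript
// Hypothetical names throughout; an in-memory Map is assumed (single server process).
class SessionAllowlist {
  constructor({ idleMs, now = Date.now }) {
    this.idleMs = idleMs;
    this.now = now;            // injectable clock so the timeout can be tested
    this.sessions = new Map(); // token -> { userId, lastSeen }
    this.byUser = new Map();   // userId -> the one token currently allowed
  }

  // Call after a successful login. Any older token for the same user is
  // dropped, so the other device is denied on its next request.
  register(userId, token) {
    const previous = this.byUser.get(userId);
    if (previous !== undefined) this.sessions.delete(previous);
    this.sessions.set(token, { userId, lastSeen: this.now() });
    this.byUser.set(userId, token);
  }

  // Call on every authenticated request. Returns false when the request
  // must be denied; otherwise refreshes the last request time.
  touch(token) {
    const s = this.sessions.get(token);
    if (!s) return false;                        // not on the whitelist
    if (this.now() - s.lastSeen > this.idleMs) { // idle for too long
      this.revoke(token);
      return false;
    }
    s.lastSeen = this.now();
    return true;
  }

  revoke(token) {
    const s = this.sessions.get(token);
    if (!s) return;
    this.sessions.delete(token);
    if (this.byUser.get(s.userId) === token) this.byUser.delete(s.userId);
  }

  // Auto-cleanup: run periodically (for example from setInterval).
  purge() {
    let removed = 0;
    for (const [token, s] of this.sessions) {
      if (this.now() - s.lastSeen > this.idleMs) { this.revoke(token); removed++; }
    }
    return removed;
  }
}
```

With more than one server instance the two maps would have to live in a shared store, otherwise each instance keeps its own view of who is logged in.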