Fotoware session handling
User sessions time out after a configurable amount of inactivity, even if a user has open Fotoware browser tabs. This prevents potential abuse of open user sessions when users leave their workplace without logging out.
By default, Fotoware allows users to choose to stay permanently signed in, also known as a persistent login. In practice, this means that when logging in to Fotoware, they can select a checkbox to allow their browser to stay signed in indefinitely. Unless the user manually signs out again, they will be able to open their browser to the Fotoware site and be automatically authenticated and signed in.
Where are persistent logins configured?
Administrators can configure settings related to persistent logins in the site configuration (Tools - Site Configuration). Expand the Security tab and select the Login and sessions node. The settings are found in the Session timeout section.
If the admin chooses to allow users to stay signed in by ticking the checkbox seen in the screenshot, users will have the possibility to stay signed in permanently. This will cause the session to last as long as there are open Fotoware browser tabs. The user will also be automatically logged in when visiting Fotoware again after closing all Fotoware browser tabs. This option can be disabled by administrators for added security.
Note: If you turn off this option (disabling persistent logins), the session will time out according to the session timeout interval set below.
Session timeout settings
The session timeout setting defines how long users remain logged in while being inactive.
If a user chooses to stay signed in, they will remain signed in on the device permanently, even if inactive, regardless of the session timeout setting. However, unless the user has open browser windows, the user's session will disappear from the session list on the server after the session timeout, which will allow the user to log in on other devices.