User sessions time out after a configurable amount of time of inactivity, even if a user has open FotoWeb browser tabs. This prevents potential abuse of open user sessions when users leave their workplace without logging out.
By default, FotoWeb allows users to choose to stay permanently signed in, also known as a persistent login. In practice, this means that when logging in to FotoWeb, they can tick a checkbox to allow their browser to stay signed in indefinitely. Unless the user manually signs out again, he will be able to open his browser to the FotoWeb site and be automatically authenticated and signed in.
Where are persistent logins configured?
Administrators can configure settings related to persistent logins in the Operations Center. Go to the Settings tab, expand the Behavior group and select the Authentication node. The settings are found in the Session timeout section.
If the admin chooses to allow users to stay signed in by ticking the checkbox seen in the screenshot, users will have the possibility to stay signed in permanently. This will cause the session to last as long as there are open FotoWeb browser tabs. The user will also be automatically logged in when visiting FotoWeb again after closing all FotoWeb browser tabs. This option can be disabled by administrators for added security.
Note: By unticking this option (disabling persistent logins) the session will time out according to the session timeout interval set below.
Session timeout settings
The session timeout setting defines how long users remain logged in while being inactive.
If a user chooses to stay signed in, he will experience to remain signed in on the device permanently, even if inactive, and regardless of the session timeout setting. However, unless the user has open browser windows, the user's session will disappear from the session list on the server after the session timeout, which will allow the user to log in on other devices.