[Self-Hosted] Login Timeouts

Since an update a couple versions back, I’ve noticed that IN keeps logging me out every single time I close the window. Nothing’s changed as far as cookie settings in my browser, and it used to only do that every few hours.

I think I remember seeing a post somewhere about an .env setting to change when it logs you out, but for the life of me I can’t find it.

Try changing this value to true:

https://github.com/invoiceninja/invoiceninja/blob/master/config/session.php#L34

We’ll look into making this an .env setting.

That did the trick. Looks like one of the updates set it to true instead of false, so it was automatically expiring every time the window closed.

Thanks Hillel!

Sidenote: Could have sworn I saw someone mention an .env variable somewhere. But I’ve been wrong before, lol.

You probably saw these mentioned but they’re slightly different:

https://github.com/invoiceninja/invoiceninja/blob/master/.env.example#L56

How work the 'lifetime' => env('SESSION_LIFETIME', (60 * 8)), variable ?

Does it mean 8 hours ? ?

I’d like to set my timeout to 3-4 hours…

Also When I edit an invoice does it have some autosave feature ? ?

I ask this because sometime I edit an invoice and the phone ring and I go out of my house and comeback few hours later so if I’m logged out and I did not save my invoice I would lose all my edit being logged out.

Regards ! :slight_smile:

Not sure if they use that particular variable anymore unless SESSION_EXPIRE_ON_CLOSE is set to false.

It’s handled in the .env file with AUTO_LOGOUT_SECONDS (I have mine set to 3600, or one hour), and I think there’s also a REMEMBER_ME setting that can be put to true if you want it to keep you logged in indefinitely.

As for an autosave, I don’t think they have one. Best practice might be to just click “save draft” if you get pulled away in the middle of creating an invoice.

Thanks for your reply,

I’m a little bit confused, what I would like to do is to have my session open indefinitely until I close my tab/windows with Invoice Ninja ? Does it is possible to do ? ?

Regards :slight_smile:

Maybe this will help…

https://invoice-ninja.readthedocs.io/en/latest/configure.html#security

Thanks for your reply,

I see “By default the app clears the session when the browser is closed

Does there is an option to do the same thing when we close a tab with Invoice Ninja ?

You may be able to make it work by changing the settings in config/session.php

Found a relevant answer here.

"Browsers only destroy session cookies when the entire browser process is exited. There is no reliable method to determine if/when a user has closed a tab. There is an onbeforeunload handler you can attach to, and hopefully manage to make an ajax call to the server to say the tab's closing, but it's not reliable.

And what if the user has two or more tables open on your site? If they close one tab, the other one would effectively be logged out, even though the user fully intended to keep on using your site."

So long story short, having the session end when you close the tab instead of the entire browser is likely not possible in any reliable fashion.

It’s been long time since my last post but I’ve tried to ad in the .env file those 2 lines:

The app automatically logs the user out after this number of seconds

#AUTO_LOGOUT_SECONDS=18144000

But it keep to log me out… Why ?

Regards.

If you have the # at the start of the line in the .env file it will comment out the line.

Ahhhh you’re so right I was searching high and low and overlooked this rookie mistake since I just pasted the line from Github and did not think to uncomment the code line…

Thanks !

I tried this weekend to remove the “#” but I t keep logging me out ???

Here’s my .env file to help me to resolve this: