You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you close the browser without signing out from your Element session, the session will still remain open. If another user uses the same browser he will be able to log in to your session/account.
This is the same as #10421 but the solution that was propose in #10421 affects all the clients (mobile, fat clients, and web), we would like to keep fat-clients always open (because they have all the encryption keys....)
The solution proposed by Enannos in #10421 sounds great work-around (even a correct solution), but the bundle.js does not contain the information mention by Enannos :
Search into bundle.js for mx_access_token
Find localStorage.getItem("mx_access_token") and replace with sessionStorage.getItem("mx_access_token")
Outcome
For security reasons, the session should close when the user close the browser.
Operating system
No response
Application version
No response
How did you install the app?
No response
Homeserver
No response
Will you send logs?
Yes
The text was updated successfully, but these errors were encountered:
This is not a defect, it works as designed. You're asking for a new feature, a mode where things are deleted on logout. Issue with that is not all web storages can be configured to expire like this. Only SessionStorage is available for that purpose, IndexedDB is also required and that cannot expire as such. And when you're closing a browser the app is not guaranteed any further time to clean up any asynchronous calls.
@t3chguy
Thank you for your clarification, very clear.
It will be great to add/implement this feature in the future.
Regards,
richvdh
changed the title
Session logout when closing the browser not working only for webclient
Feature request: log out the session browser window is closed
Jun 26, 2024
Steps to reproduce
Hello,
If you close the browser without signing out from your Element session, the session will still remain open. If another user uses the same browser he will be able to log in to your session/account.
This is the same as #10421 but the solution that was propose in #10421 affects all the clients (mobile, fat clients, and web), we would like to keep fat-clients always open (because they have all the encryption keys....)
The solution proposed by Enannos in #10421 sounds great work-around (even a correct solution), but the bundle.js does not contain the information mention by Enannos :
Outcome
For security reasons, the session should close when the user close the browser.
Operating system
No response
Application version
No response
How did you install the app?
No response
Homeserver
No response
Will you send logs?
Yes
The text was updated successfully, but these errors were encountered: