Specify the length of time a login is remembered?

webmin can be set to permanently remember a login.

but is there a way to keep the login session token around for a certain number of hours or days?

SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.4
Webmin version 2.111

I think the best you can is auto logout after x number of minutes of inactivity

Webmin --> Webmin configuration --> Authentication --> Auto-logout after x minutes of inactivity

1 Like

I use this to make sure I don’t accidentally leave open sessions. Opera has what I consider a strange behavior. If I kill a window I have to log back in. If the system kills it during a shutdown, it seems to remember the session. But, I was getting a lot of sessions being show as open so I set the inactivity timer for security reasons.

Is this not a gift to session hijackers

it is also impractically, imagine you did a submission for some changes just as the session was expired by webmin, this could cause issues or worse, working in the web-based terminal.

Do you mean you have to login every time your go to your webmin url?
This is not normal, I rarely have to log in.
There some docs on authentication.

if i fully close the browser and then restart it will need to login to webmin again, like when i shut down my computer at night then turn it on in the morning. it’s been like that for years over various servers and browsers.

perhaps if i choose the “remember login permanently” option then it won’t ask me to login.

but i don’t want the permanent option, just want to set the “remember” time to some arbitrary length of time.

Unless your PC is not secure then I don’t see a issue with permanent, there are other options like the logout after so many minutes, set it to like 24hours or 7days.

you are correct but i’m eccentric about this. fearing if i don’t enter my credentials occasionally, i may forget them.

sounds like there isn’t such an option in webmin. no biggie. at least now i know.

thanks all.

My browser will ask me. I always tell it no. You probably did this in the past. There is probably a way around this depending on your browser.

So something like this doesn’t work for you?

unfortunately it does not. i have it set to 7200 min. if i login to webmin, then shut down the browser and start it up again, webim asks for credentials.

think this option works like bank portals that auto-logout users if the page sits idle for x min.

i use 2fa using google auth, so maybe that plays a part too.

I have a fixed IP so I lock webmin to that.

i just enabled it and got locked out, a popup about needing to reauthenticate and that didn’t get me anywhere.

had to revert that same ip option in miniserv.conf, so back in business now.

my server’s behind cloudflare and only cf ip’s are allowed access, so maybe that’s the issue. perhaps it would help if i enabled Trust remote IP address provided by proxies, but that opens a bit of a security risk.

appreciate all the ideas though.

will leave it as is. maybe at some point i’ll get over my obstinance and have it remember the login permanently.

1 Like

Just stop going through Cloudflare for Webmin! There’s no reason to have Cloudflare in that equation at all.