AnsweredAssumed Answered

OAuth: Logout after 15 minutes of inactivity?

Question asked by John Hoffmann on Mar 23, 2020
Latest reply on Mar 31, 2020 by Enrico Simonetti

Corporate has requested that I change the inactive timeout for Sugar to 15 minutes to match their security policies across their other web/desktop applications.


I have the oauth2 lifetime's as so:


  'oauth_token_expiry' => 0,
  'oauth_token_life' => 86400,
  'oauth2' => [
    'access_token_lifetime' => 600,
    'refresh_token_lifetime' => 900,
    'max_session_lifetime' => 900


And for the most part, it works perfectly.  There are some cases however where there seems to be a disconnect on the client side, and when they try to log back in, they get something along the lines of "No valid authentication for user."


They're still able to login via Incognito mode, so I know it's cache related, but does anyone have a workaround that doesn't involve excessive browser cache clearing?