How to invalidate ember session on user inactivity


#1

Hi there,

Currently I am trying to develop an ember application utilizing the library Ember Simple Auth with JWT authentication method. Right now, I have managed to do the login authentication and logout session invalidation. However, everytime I close my browser or turning off my ember server, my application seems to be still authenticated.

How can I detect user inactivity and set a timeout as well as calling the invalidate session once the timeout has been reached ?

Thank you


#2

Hello @stephennyu

Ember Simple Auth implements Store classes. By default its using localStorage/Cookie store to store the token. But you can easily implement a different one that meets your need. To me, it looks like sessionStorage (the Browser API) is what you need. I suggest that you use the LocalStorageSessionStore and just replace localStorage with sessionStorage. Then you can easily use it as shown here

If you do this, your session will expire once you close the browser.


#3

Hi @mupkoo,

I have tried your solution and it works. However, what I would like to is that there is a timeout for when the user is still opening the application but with no activity. How can I manage to set a timeout for session storage ? Is that possible ?

Thank you