1. Session Timeout After Inactivity
I would like to configure Odoo so that a user is automatically logged out after a defined period of inactivity (e.g., 15 minutes or 1 hour). I am aware that Odoo uses session-based authentication, and sessions are stored in the ir.sessions table.
- Is there a built-in configuration option or a recommended way to define session lifetime?
- If I modify session_lifetime in the Odoo config file (odoo.conf), does it effectively control this behavior?
- session_lifetime = 3600
- Will setting this value also ensure forced logout in case the user stays idle?
2. Terminate Session on Browser Close or Tab Close
Additionally, I want to ensure that the user session is terminated immediately if the browser tab or window is closed (like logging out or invalidating the session token).
- I understand this is tricky with standard HTTP (as it's stateless), but is there any suggested workaround or custom module that can help detect tab/window close and notify the server to end the session?
- Can this be achieved using window.onbeforeunload or navigator.sendBeacon() in a custom JS module in Odoo?
- Are there any security risks or side effects of forcing logout on tab close?
Environment:
- Odoo Version: [Odoo 18]
