Implementing session timeouts in Odoo enhances security by ensuring users are logged out after periods of inactivity, thereby reinforcing multi-factor authentication (MFA) protocols. To configure session timeouts in Odoo, consider the following approaches:
1. Adjust Odoo Configuration Settings:
Modify the session_gc parameter in the Odoo configuration file (odoo.conf) to define the session expiration period. For example, setting session_gc = 3600 will expire sessions after one hour of inactivity. After making this change, restart the Odoo server to apply the new settings.
2. Utilize Third-Party Modules:
Several modules are available to manage session timeouts:
- Inactive Sessions Timeout: This module allows you to set a specific duration for session validity. After the defined period of inactivity, users are automatically logged out. You can configure the session timeout by setting the inactive_session_time_out_delay parameter, which defines the validity of a session in seconds (default is 2 hours).
- Activity Session Timeout: This module enables automatic logout of inactive users after a specified time. The default session timeout is 5 minutes, but it can be adjusted by modifying the activity_session_timeout_key parameter in the system settings.
3. Implement Custom Development:
If existing modules do not meet your specific requirements, custom development can be undertaken to create a tailored session timeout mechanism. This approach allows for precise control over session management, aligning with your organization's security policies.
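A sketch of the idle-timeout logic such a custom mechanism needs, added here as an example (it is not code from Odoo or from the modules named above). It is plain Python with no Odoo imports; the class name, the one-hour timeout, the file-per-session layout and the ignored polling path are assumptions for illustration.

```python
import os
import tempfile

IDLE_TIMEOUT = 3600  # seconds; assumed policy value
# Assumed background endpoint whose requests do not count as user activity.
IGNORED_PATHS = ("/longpolling/poll",)


class IdleSessionStore:
    """One file per session; the file's mtime records the last user activity."""

    def __init__(self, directory, timeout=IDLE_TIMEOUT):
        self.directory = directory
        self.timeout = timeout

    def _path(self, sid):
        # Accept only plain tokens so a crafted id cannot escape the directory.
        if not sid.isalnum():
            raise ValueError("invalid session id")
        return os.path.join(self.directory, sid + ".sess")

    def create(self, sid, now):
        path = self._path(sid)
        with open(path, "w") as handle:
            handle.write("{}")
        os.utime(path, (now, now))

    def check(self, sid, request_path, now):
        """Return True if the session is still valid, False if it has expired."""
        path = self._path(sid)
        try:
            last_seen = os.path.getmtime(path)
        except OSError:
            return False  # unknown or already expired session
        if now - last_seen > self.timeout:
            os.remove(path)  # idle too long: drop it and force a new login
            return False
        if not request_path.startswith(IGNORED_PATHS):
            os.utime(path, (now, now))  # only real activity extends the session
        return True


def demo():
    # Constructed requests: (path, epoch seconds) for a session created at t=1000.
    requests = [("/web", 2800.0), ("/longpolling/poll", 6000.0), ("/web", 6500.0)]
    with tempfile.TemporaryDirectory() as tmp:
        store = IdleSessionStore(tmp)
        store.create("abc123", now=1000.0)
        return [store.check("abc123", path, now=t) for path, t in requests]
```

The third request is rejected even though a poll arrived 500 seconds earlier: background polling is not allowed to keep an unattended session alive.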
At Wan Buffer Services, we have extensive experience in customizing Odoo to enhance security measures, including implementing session timeouts to ensure compliance with IT audit requirements.