Feature Request: Add Configurable Session Timeout for Enhanced Security

[JoaquinLahann]

Feature Request: Add Configurable Session Timeout for Enhanced Security

Hello Semaphore team,

I would like to propose the introduction of a configurable session timeout feature in Semaphore UI.

Motivation

Currently, it appears that Semaphore UI lacks a built-in mechanism to automatically log users out after a period of inactivity. Implementing a session timeout would bring several key benefits:

• Improved Security: Automatically logging out inactive users reduces the risk of unauthorized access if a user forgets to log out or leaves their workstation unattended.
• Compliance: Many security standards and organizational policies require session expiration to limit potential attack windows.
• Better Resource Management: Expiring inactive sessions can help free up server resources by cleaning up stale sessions.
• User Experience: A configurable timeout allows organizations to balance security with convenience by choosing appropriate session durations.

Suggested Implementation

• Add a configurable parameter (e.g., session_timeout in minutes) in the config file or environment variables.
• Enforce automatic logout after the timeout period of inactivity.
• Optionally, display a warning message before logout to allow users to extend their session.

Thank you for considering this enhancement. I believe it would significantly improve Semaphore’s security posture and usability for many users.

Best regards.